CVE-2017-12610
published 2018-07-26CVE-2017-12610: In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with…
medium6.8CVSS 3.0
AVNACHPRLUINSUCHIHAN
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | kafka | 0.10.0.0 – 0.10.2.1 | — |
| apache | kafka | 0.11.0.0 – 0.11.0.1 | — |
| apache_software_foundation | apache_kafka | — | — |
| apache_software_foundation | apache_kafka | — | — |