CVE-2018-1288: In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker…

medium5.4CVSS 3.1

AVNACLPRLUINSUCNILAL

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
apache	kafka	<= 0.9.0.1	—
apache	kafka	—	—
apache	kafka	0.10.0.0 – 0.10.2.1	—
apache	kafka	0.11.0.0 – 0.11.0.2	—
apache_software_foundation	apache_kafka	—	—
apache_software_foundation	apache_kafka	—	—
apache_software_foundation	apache_kafka	—	—
apache_software_foundation	apache_kafka	—	—
oracle	database	—	—
oracle	database	—	—
oracle	database	—	—
oracle	database	—	—
oracle	database	—	—
oracle	primavera_p6_enterprise_project_portfolio_management	19.12.0.0 – 19.12.6.0	—
oracle	timesten_in-memory_database	< 18.1.2.1.0	18.1.2.1.0
redhat	jboss_middleware_text-only_advisories	—	—