Exploited in the wild: exploitation observed in the wild. Not yet on CISA KEV.
CVE-2023-25194
Severity: 8.8 HIGH
EPSS: 94.1% (top 0.10%)
CISA KEV: Not in KEV
Exploit: Exploited in the wild (active exploitation observed)
Affected products
Timeline
Published: Feb 7
Latest update: Jun 10
Description
A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connect…
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 4 packages
Vulnerability Details
CVEList (5)
Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect (2023-02-07)
Exploits & PoCs
Nuclei (1)
Apache Druid Kafka Connect - Remote Code Execution
Vendor Advisories
Oracle (5)
Oracle Communications Applications Risk Matrix: PSR Designer (Apache Kafka) — CVE-2023-25194 (2024-01-15)
Oracle Communications Applications Risk Matrix: Notification (Apache Kafka) — CVE-2023-25194 (2023-07-15)
Oracle Financial Services Applications Risk Matrix: IDM - Authentication (Apache Kafka) — CVE-2023-25194 (2023-04-15)