CVE-2023-25194HIGHCVSS 8.8ExploitedPoC≥ 2.3.0, ≤ 3.3.22023-02-07
CVE-2023-25194 [HIGH] CWE-502 CVE-2023-25194: A possible security vulnerability has been identified in Apache Kafka Connect API.
This requires acc
A possible security vulnerability has been identified in Apache Kafka Connect API.
This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config
and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka Connect 2.3.0.
When
nvd