You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Manikumar (Jira)" <ji...@apache.org> on 2023/02/10 13:59:00 UTC
[jira] [Comment Edited] (KAFKA-14696) CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
[ https://issues.apache.org/jira/browse/KAFKA-14696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17687087#comment-17687087 ]
Manikumar edited comment on KAFKA-14696 at 2/10/23 1:58 PM:
------------------------------------------------------------
Yes, you can fix cherry picking the commit ae22ec1a0ea005664439c3f45111aa34390ecaa1 2.8 branch.
was (Author: omkreddy):
Yes, you ca fix cherry picking the commit ae22ec1a0ea005664439c3f45111aa34390ecaa1 2.8 branch.
> CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
> -----------------------------------------------------------------------------------------------------------------------------------
>
> Key: KAFKA-14696
> URL: https://issues.apache.org/jira/browse/KAFKA-14696
> Project: Kafka
> Issue Type: Bug
> Components: KafkaConnect
> Affects Versions: 2.8.1, 2.8.2
> Reporter: MillieZhang
> Priority: Major
> Fix For: 3.4.0
>
>
> CVE Reference: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34917]
>
> Will Kafka 2.8.X provide a patch to fix this vulnerability?
> If yes, when will the patch be provided?
>
> Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)