Posted to commits@kafka.apache.org by cm...@apache.org on 2019/08/02 18:36:26 UTC

[kafka-site] branch asf-site updated: Add CVE-2018-17196, fix some links. (#223)

This is an automated email from the ASF dual-hosted git repository.

cmccabe pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/kafka-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 9a9f710  Add CVE-2018-17196, fix some links. (#223)
9a9f710 is described below

commit 9a9f710c6e886c7e734986d13a2fb5e54a7242b2
Author: Colin Patrick McCabe <cm...@apache.org>
AuthorDate: Fri Aug 2 11:36:18 2019 -0700

    Add CVE-2018-17196, fix some links. (#223)
    
    Fix some links that were pointing to 2.2.
    
    Add CVE-2018-17196 to the cve-list page.
    
    Reviewers: Matthias J. Sax <mj...@apache.org>
---
 cve-list.html   | 28 ++++++++++++++++++++++++++++
 intro.html      |  2 +-
 protocol.html   |  2 +-
 quickstart.html |  2 +-
 uses.html       |  2 +-
 5 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/cve-list.html b/cve-list.html
index 4b1651e..a7bb658 100644
--- a/cve-list.html
+++ b/cve-list.html
@@ -8,6 +8,34 @@
 
 This page lists all security vulnerabilities fixed in released versions of Apache Kafka.
 
+<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17196">CVE-2018-17196</a>
+<p>In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually
+craft a Produce request which bypasses transaction/idempotent ACL validation.
+Only authenticated clients with Write permission on the respective topics are
+able to exploit this vulnerability. Users should upgrade to 2.1.1 or later
+where this vulnerability has been fixed.</p>
+
+<table class="data-table">
+<tbody>
+  <tr>
+    <td>Versions affected</td>
+    <td>0.11.0.0 to 2.1.0</td>
+  </tr>
+  <tr>
+    <td>Fixed versions</td>
+    <td>2.1.1 and later</td>
+  </tr>
+  <tr>
+    <td>Impact</td>
+    <td>This issue could result in privilege escalation.</td>
+  </tr>
+  <tr>
+    <td>Issue announced</td>
+    <td>10 July 2019</td>
+  </tr>
+</tbody>
+</table>
+
 <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288">CVE-2018-1288</a>
 Authenticated Kafka clients may interfere with data replication</h2>
 
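Review bot: the new `<h2>` opened on the first added line of this hunk is never closed; the entry goes straight from the `CVE-2018-17196` anchor into the `<p>` without a `</h2>`, so the browser will treat the whole paragraph as part of the heading and rendering will differ from the entries below it. The existing `CVE-2018-1288` entry right after this hunk shows the page's convention: the anchor on the first line, then a one-line summary that closes the heading (`Authenticated Kafka clients may interfere with data replication</h2>`). The added entry should follow the same shape, for example a second heading line such as `Authenticated Kafka clients may bypass transaction/idempotent ACL validation</h2>` before the `<p>`, which also gives readers skimming the list a title for the issue instead of only the CVE number.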
diff --git a/intro.html b/intro.html
index ab71a3c..12544fe 100644
--- a/intro.html
+++ b/intro.html
@@ -5,7 +5,7 @@
   <div class="right">
 		<h1>Introduction</h1>
 <!-- should always link the the latest release's documentation -->
-    <!--#include virtual="22/introduction.html" -->
+    <!--#include virtual="23/introduction.html" -->
 
 <!--#include virtual="includes/_footer.htm" -->
 
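Review bot: the context comment directly above the changed line still reads "should always link the the latest release's documentation" (duplicated "the"); since the include line beneath it is being edited in this file and in protocol.html, quickstart.html and uses.html, the same change could fix the duplicated word in all four places. More substantively, the comment says these pages should always point at the latest release, yet the target is a hard-coded version directory (`22/` becoming `23/` here), which is exactly why this bump was missed until links were found pointing at 2.2. If the site build allows it, pointing these includes at a single shared variable or alias for the current release would remove the need to touch five files on every release.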
diff --git a/protocol.html b/protocol.html
index cdfb66d..f356929 100644
--- a/protocol.html
+++ b/protocol.html
@@ -1,2 +1,2 @@
 <!-- should always link the the latest release's documentation -->
-<!--#include virtual="22/protocol.html" -->
+<!--#include virtual="23/protocol.html" -->
diff --git a/quickstart.html b/quickstart.html
index e7a0f1f..da9da0a 100644
--- a/quickstart.html
+++ b/quickstart.html
@@ -5,7 +5,7 @@
   <div class="right">
     <h1>Quickstart</h1>
 <!-- should always link the the latest release's documentation -->
-    <!--#include virtual="22/quickstart.html" -->
+    <!--#include virtual="23/quickstart.html" -->
 <!--#include virtual="includes/_footer.htm" -->
 <script>
 // Show selected style on nav item
diff --git a/uses.html b/uses.html
index fa07951..f826e33 100644
--- a/uses.html
+++ b/uses.html
@@ -6,7 +6,7 @@
 		<h1>Use cases</h1>
 
 <!-- should always link the the latest release's documentation -->
-<!--#include virtual="22/uses.html" -->
+<!--#include virtual="23/uses.html" -->
 
 <!--#include virtual="includes/_footer.htm" -->