You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Rajini Sivaram (JIRA)" <ji...@apache.org> on 2018/12/04 09:58:00 UTC

[jira] [Resolved] (KAFKA-7702) Prefixed ACLs don't work with single character prefix

     [ https://issues.apache.org/jira/browse/KAFKA-7702?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajini Sivaram resolved KAFKA-7702.
-----------------------------------
    Resolution: Fixed
      Reviewer: Jun Rao

> Prefixed ACLs don't work with single character prefix
> -----------------------------------------------------
>
>                 Key: KAFKA-7702
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7702
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.1, 2.1.0
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 2.2.0, 2.1.1, 2.0.2
>
>
> Prefixed ACLs with a single character are not matched correctly against resource names. ALLOW rule with single character prefix doesn't grant access to any resource and DENY rule with single character prefix doesn't deny access to any resource since the prefix is not matched correctly.
> This is not an exploitable security vulnerability since only authenticated users with authorization to create ACLs can create the prefixed ACLs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)