You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "MillieZhang (Jira)" <ji...@apache.org> on 2023/02/09 09:30:00 UTC

[jira] [Created] (KAFKA-14696) CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

MillieZhang created KAFKA-14696:
-----------------------------------

             Summary: CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
                 Key: KAFKA-14696
                 URL: https://issues.apache.org/jira/browse/KAFKA-14696
             Project: Kafka
          Issue Type: Bug
          Components: KafkaConnect
    Affects Versions: 2.8.2, 2.8.1
            Reporter: MillieZhang
             Fix For: 3.4.0


CVE Reference: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34917]

 

Will Kafka 2.8.X provide a patch to fix this vulnerability?

If yes, when will the patch be provided?

 

Thanks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)