You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "MillieZhang (Jira)" <ji...@apache.org> on 2023/02/09 09:30:00 UTC
[jira] [Created] (KAFKA-14696) CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
MillieZhang created KAFKA-14696:
-----------------------------------
Summary: CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
Key: KAFKA-14696
URL: https://issues.apache.org/jira/browse/KAFKA-14696
Project: Kafka
Issue Type: Bug
Components: KafkaConnect
Affects Versions: 2.8.2, 2.8.1
Reporter: MillieZhang
Fix For: 3.4.0
CVE Reference: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34917]
Will Kafka 2.8.X provide a patch to fix this vulnerability?
If yes, when will the patch be provided?
Thanks
--
This message was sent by Atlassian Jira
(v8.20.10#820010)