CVE-2017-12610

Summary

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Kafka0.10.0.0 to 0.10.2.1affected
Apache Software FoundationApache Kafka0.11.0.0 to 0.11.0.1affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References