CVE-2018-1288

Summary

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Kafka0.9.0.0 to 0.9.0.1affected
Apache Software FoundationApache Kafka0.10.0.0 to 0.10.2.1affected
Apache Software FoundationApache Kafka0.11.0.0 to 0.11.0.2affected
Apache Software FoundationApache Kafka1.0.0affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References