Kafka / KAFKA-14696

CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.8.1, 2.8.2
    • Fix Version/s: 3.4.0
    • Component/s: connect
    • Labels: None

    Description

      CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34917

      Will Kafka 2.8.X provide a patch to fix this vulnerability?

      If yes, when will the patch be provided?

      Thanks

          People

            Assignee: Unassigned
            Reporter: MillieZhang (millie)
            Votes: 0
            Watchers: 3

            Dates

              Created:
              Updated:
              Resolved: