Kafka / KAFKA-7702

Prefixed ACLs don't work with single character prefix


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.1, 2.1.0
    • Fix Version/s: 2.2.0, 2.1.1, 2.0.2
    • Component/s: security
    • Labels:
      None

      Description

      Prefixed ACLs with a single-character prefix are not matched correctly against resource names. An ALLOW rule with a single-character prefix doesn't grant access to any resource, and a DENY rule with a single-character prefix doesn't deny access to any resource, since the prefix is not matched correctly.

      This is not an exploitable security vulnerability since only authenticated users with authorization to create ACLs can create the prefixed ACLs.
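
The following is an added example, not code from this issue or from Kafka. The issue does not state the root cause, so the model assumes one way a single-character prefix can be lost: a sorted ACL store scanned over a range whose single-character bound is treated as exclusive. The ACL names, resource names and function names are constructed for illustration.

```python
from bisect import bisect_left, bisect_right

# Constructed sample ACLs: (prefix, permission). Names are hypothetical.
ACLS = sorted([("a", "DENY"), ("ab", "ALLOW"), ("p", "ALLOW"), ("payments-", "ALLOW")])
PREFIXES = [p for p, _ in ACLS]


def candidates(resource, include_single_char):
    """Prefixed ACLs that match `resource`, found by a range scan.

    Every non-empty prefix p of `resource` sorts within
    [resource[:1], resource], so a sorted store only scans that range.
    The lower bound is the single-character prefix itself: treating it
    as exclusive (the assumed defect) silently drops that ACL.
    """
    low = resource[:1]
    if include_single_char:
        start = bisect_left(PREFIXES, low)    # bound included
    else:
        start = bisect_right(PREFIXES, low)   # bound excluded (assumed defect)
    end = bisect_right(PREFIXES, resource)
    return [(p, perm) for p, perm in ACLS[start:end] if resource.startswith(p)]


def authorize(resource, include_single_char=True):
    """DENY wins over ALLOW; no matching ACL means access is refused."""
    perms = {perm for _, perm in candidates(resource, include_single_char)}
    if "DENY" in perms:
        return False
    return "ALLOW" in perms


def regression_report():
    """Map each constructed resource to (exclusive-bound, inclusive-bound) decisions."""
    return {
        resource: (authorize(resource, False), authorize(resource, True))
        for resource in ("abc", "prod-logs", "payments-eu")
    }


if __name__ == "__main__":
    for name, (assumed_bug, correct) in regression_report().items():
        print(f"{name}: exclusive-bound={assumed_bug} inclusive-bound={correct}")
```

With the exclusive bound, `abc` is allowed even though the `a` DENY rule should block it, and `prod-logs` is refused even though the `p` ALLOW rule should grant it. These are the two symptoms in the description, and both are worth covering in an authorizer regression test.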

              People

              • Assignee:
                rsivaram Rajini Sivaram
                Reporter:
                rsivaram Rajini Sivaram
                Reviewer:
                Jun Rao