216.73.217.172

CVE-2024-36543

· Published 17/06/2024 19:15 · Modified 17/06/2024 19:15

Labels: CVE-2024-36543 2024-06-17CVE-2024-36543[email protected]

Essential information

Published
17/06/2024 19:15
Modified
17/06/2024 19:15
Author
Creator
CISA KEV
No
CWE

Description

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References