[jira] [Created] (KAFKA-14696) CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

MillieZhang (Jira) Thu, 09 Feb 2023 01:30:08 -0800

MillieZhang created KAFKA-14696:
-----------------------------------

             Summary: CVE-2023-25194: Apache Kafka: Possible RCE/Denial of 
service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
                 Key: KAFKA-14696
                 URL: https://issues.apache.org/jira/browse/KAFKA-14696
             Project: Kafka
          Issue Type: Bug
          Components: KafkaConnect
    Affects Versions: 2.8.2, 2.8.1
            Reporter: MillieZhang
             Fix For: 3.4.0



CVE Reference: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34917]

 

Will Kafka 2.8.X provide a patch to fix this vulnerability?

If yes, when will the patch be provided?

 

Thanks



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (KAFKA-14696) CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

Reply via email to