Re: CVE-2024-31141: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider

2024-11-18 Thread Greg Harris
Hi Everyone,

Due to an oversight, the Affected versions are incorrect. Version 3.7.1 of kafka-clients is not vulnerable. This is the correct data:

Affected versions:

- Apache Kafka Clients 2.3.0 through 3.5.2
- Apache Kafka Clients 3.6.0 through 3.6.2
- Apache Kafka Clients 3.7.0

This issue aff

CVE-2024-31141: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider

2024-11-18 Thread Greg Harris
Severity: moderate

Affected versions:

- Apache Kafka Clients 2.3.0 through 3.5.2
- Apache Kafka Clients 3.6.0 through 3.6.2
- Apache Kafka Clients 3.7.0 through 3.7.1

Description:

Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka C