This is an automated email from the ASF dual-hosted git repository. cmccabe pushed a commit to branch cve2 in repository https://gitbox.apache.org/repos/asf/kafka-site.git
commit 8b24d3fdc3699d9c27579ed7eeb0cae9c5cc9d86 Author: Colin P. Mccabe <cmcc...@confluent.io> AuthorDate: Fri Aug 2 11:36:39 2019 -0700 Fix missing close tag in cve-list.html --- cve-list.html | 1 + 1 file changed, 1 insertion(+) diff --git a/cve-list.html b/cve-list.html index a7bb658..5c797df 100644 --- a/cve-list.html +++ b/cve-list.html @@ -9,6 +9,7 @@ This page lists all security vulnerabilities fixed in released versions of Apache Kafka. <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17196">CVE-2018-17196</a> +Authenticated clients with Write permission may bypass transaction/idempotent ACL validation</h2> <p>In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are