[ https://issues.apache.org/jira/browse/KAFKA-14696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mickael Maison resolved KAFKA-14696.
Resolution: Fixed
> CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service att
MillieZhang created KAFKA-14696:
---
Summary: CVE-2023-25194: Apache Kafka: Possible RCE/Denial of
service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
Key: KAFKA-14696
URL: https
Severity: important
Description:
A possible security vulnerability has been identified in Apache Kafka
Connect. This requires access to a Kafka Connect worker,
and the ability to create/modify connectors on it with an arbitrary
Kafka client SASL JAAS config and a SASL-based security protocol,