[jira] [Resolved] (KAFKA-14696) CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

2023-02-14 Mickael Maison (Jira)
[ https://issues.apache.org/jira/browse/KAFKA-14696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mickael Maison resolved KAFKA-14696.
Resolution: Fixed
> CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service att

[jira] [Created] (KAFKA-14696) CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

2023-02-09 MillieZhang (Jira)
MillieZhang created KAFKA-14696:
Summary: CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect
Key: KAFKA-14696
URL: https

CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

2023-02-07 Manikumar
Severity: important
Description: A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol,