Vulnerability Description
In Apache Kafka versions 0.11.0.0 through 2.1.0 inclusive, it is possible to manually craft a Produce request that bypasses the broker's transaction/idempotent ACL validation. Kafka normally demands more than topic Write permission before it accepts idempotent or transactional produce traffic (IdempotentWrite on the Cluster resource and Write on the TransactionalId resource); a hand-crafted request could be accepted without those additional checks being enforced. Only authenticated clients that already hold Write permission on the respective topics are able to exploit this vulnerability, so unauthenticated network attackers are not in scope, and clusters that run without an authorizer gain nothing new from it since no ACLs are enforced there to begin with. Users should upgrade to 2.1.1 or later, where this vulnerability has been fixed.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Kafka | >= 0.11.0.0, <= 2.1.0 |
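The affected range above is inclusive at both ends and straddles Kafka's switch from four-component versions (0.11.0.x) to three-component ones (1.0.0 onward), which makes naive string comparison unreliable when auditing a fleet. The following is an added example written for this page, not code from the advisory or from the Apache Kafka project; the hostnames and version strings in INVENTORY are constructed sample data.

```python
"""Version-range check for CVE-2018-17196 (Apache Kafka 0.11.0.0 through 2.1.0).

Added example for this advisory page, not part of Apache Kafka.
The INVENTORY entries below are constructed sample data.
"""
import re
from typing import List, Tuple

# Inclusive bounds taken from the affected-products table.
FIRST_AFFECTED = (0, 11, 0, 0)
LAST_AFFECTED = (2, 1, 0)
FIXED_IN = "2.1.1"

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)")


def parse_version(version: str) -> Tuple[int, ...]:
    """Return the numeric components of a Kafka version string.

    Kafka used four components up to 0.11.x (e.g. 0.10.2.1, 0.11.0.3) and
    three from 1.0.0 on (e.g. 2.1.0). A build suffix such as '-SNAPSHOT' is
    dropped before comparison; that is the conservative choice, because a
    snapshot of 2.1.0 is still reported as affected.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"not a Kafka version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def _pad(parts: Tuple[int, ...], width: int) -> Tuple[int, ...]:
    """Right-pad with zeros so 3- and 4-component versions compare correctly."""
    return parts + (0,) * (width - len(parts))


def is_affected(version: str) -> bool:
    """True if `version` lies in [0.11.0.0, 2.1.0] inclusive.

    Caveat: vendor distributions that backport fixes must be checked against
    the vendor's own advisory; the upstream range alone is not authoritative
    for them.
    """
    parsed = parse_version(version)
    width = max(len(parsed), len(FIRST_AFFECTED), len(LAST_AFFECTED))
    low = _pad(FIRST_AFFECTED, width)
    high = _pad(LAST_AFFECTED, width)
    return low <= _pad(parsed, width) <= high


# Constructed sample inventory: (broker host, version reported by the broker).
INVENTORY: List[Tuple[str, str]] = [
    ("kafka-a.example.internal", "0.10.2.1"),
    ("kafka-b.example.internal", "0.11.0.0"),
    ("kafka-c.example.internal", "2.0.1"),
    ("kafka-d.example.internal", "2.1.0-SNAPSHOT"),
    ("kafka-e.example.internal", "2.1.1"),
    ("kafka-f.example.internal", "2.4.0"),
]


def audit(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the hosts whose broker version falls in the affected range."""
    return [host for host, version in inventory if is_affected(version)]


if __name__ == "__main__":
    for host in audit(INVENTORY):
        print(f"{host}: affected by CVE-2018-17196, upgrade to {FIXED_IN} or later")
```

The check compares zero-padded integer tuples rather than strings, so 0.11.0.0 sorts before 1.0.0 and 2.1.0 sorts before 2.1.1 as intended; in the sample inventory, the 0.10.2.1 and 2.1.1 brokers are correctly reported as not affected while the 2.1.0-SNAPSHOT build is flagged.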
References
- http://www.securityfocus.com/bid/109139 (Third Party Advisory)
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12e
- https://lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230a
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d28
- https://lists.apache.org/thread.html/r66de86b9a608c1da70b2d27d765c11ec88edf6e5dd
- https://lists.apache.org/thread.html/r8890b8f18f1de821595792b58b968a89692a255bc2
- https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f
- https://www.mail-archive.com/dev%40kafka.apache.org/msg99277.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
FAQ
What is CVE-2018-17196?
CVE-2018-17196 is a vulnerability with a CVSS score of 8.8 (HIGH). In Apache Kafka versions 0.11.0.0 through 2.1.0, it is possible to manually craft a Produce request that bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit it; the fix shipped in Apache Kafka 2.1.1.
How severe is CVE-2018-17196?
CVE-2018-17196 has been rated HIGH with a CVSS base score of 8.8/10. Exploitation requires an authenticated client that already holds Write permission on the target topics, as described in the vulnerability description above.
Is there a patch for CVE-2018-17196?
Yes. The fix shipped in Apache Kafka 2.1.1; upgrade to 2.1.1 or later. The Apache mailing-list announcements and the Oracle Critical Patch Update advisories in the references section above carry the vendor details. Affected products include: Apache Kafka.