Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-06-17T00:00:00
Updated: 2024-08-02T03:37:05.364Z
Reserved: 2024-05-30T00:00:00
Link: CVE-2024-36543
Vulnrichment
Updated: 2024-06-18T13:58:35.754Z
NVD
Status : Awaiting Analysis
Published: 2024-06-17T19:15:58.353
Modified: 2024-11-21T09:22:23.217
Link: CVE-2024-36543
Redhat
No data.