Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Wed, 13 Nov 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:amq_streams:2 | |
References |
|
Tue, 01 Oct 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Wed, 25 Sep 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat kroxylicious
|
|
Weaknesses | CWE-295 | |
CPEs | cpe:2.3:a:redhat:kroxylicious:-:*:*:*:*:*:*:* | |
Vendors & Products |
Redhat kroxylicious
|
Tue, 03 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 30 Aug 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality. |
Title | kroxylicious: Missing upstream Kafka TLS hostname verification | Kroxylicious: missing upstream kafka tls hostname verification |
First Time appeared |
Redhat
Redhat amq Streams |
|
CPEs | cpe:/a:redhat:amq_streams:1 | |
Vendors & Products |
Redhat
Redhat amq Streams |
|
References |
|
Fri, 30 Aug 2024 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | kroxylicious: Missing upstream Kafka TLS hostname verification | |
Weaknesses | CWE-297 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-08-30T22:53:02.326Z
Reserved: 2024-08-28T19:38:52.128Z
Link: CVE-2024-8285

Updated: 2024-09-03T13:31:58.981Z

Status : Modified
Published: 2024-08-30T22:15:06.963
Modified: 2024-11-13T17:15:12.503
Link: CVE-2024-8285


No data.