CVE Published: 26/07/2018 |
CVE Updated: 17/09/2024 |
CVE Year: 2017 Source: apache |
Vendor: Apache Software Foundation |
Product: Apache Kafka Status : PUBLISHED
CVE-2017-12610 Description
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.