In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.apache.kafka:kafka-clients(Maven) | 0.10.0.0 | 0.10.2.2 | N/A |
| org.apache.kafka:kafka-clients(Maven) | 0.11.0.0 | 0.11.0.2 | N/A |
CVSS Metrics
