Base Score

MEDIUM5.4

CVE-2018-1288

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

VectorNETWORK

Published Bysecurity@apache.org

Published DateJul 26, 2018, 14:29

Affected Versions(3)

org.apache.kafka:kafka(Maven)

Introduced0.9.0.0

Fixed0.10.2.2

LimitN/A

org.apache.kafka:kafka(Maven)

Introduced0.11.0.0

Fixed0.11.0.3

LimitN/A

org.apache.kafka:kafka(Maven)

Introduced1.0.0

Fixed1.0.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.kafka:kafka(Maven)	0.9.0.0	0.10.2.2	N/A
org.apache.kafka:kafka(Maven)	0.11.0.0	0.11.0.3	N/A
org.apache.kafka:kafka(Maven)	1.0.0	1.0.1	N/A

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

LOW

References

Base Score

MEDIUM5.4

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

LOW