- Release date: 2020-01-13
- Detection time: 2020-01-13
- Vulnerability type: Security update
- Risk level: Unknown
- Updated versions: 2.0.2, 2.1.2, 2.2.2, 2.3.1 and later
- Intelligence contributor: TSRC
Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value (the externalized secret variable is not the whole configuration property value), then any client can issue a request to the same Connect cluster to obtain the connector's task configurations and the response will contain the plaintext secret rather than the externalized secrets variable.
Users should upgrade to 2.0.2 or higher, 2.1.2 or higher, 2.2.2 or higher, or 2.3.1 or higher where this vulnerability has been fixed.
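An added audit sketch (not from the Apache advisory or Kafka's own code) for the condition described above: it compares a connector's configuration with the task configurations returned by the same Connect cluster and reports keys where an embedded `${provider:path:key}` reference came back resolved. The sample data, function names and dummy secret are constructed, and it assumes task configs reuse the connector's property names.

```python
import re

# Kafka Connect config provider reference: ${provider:[path:]key}
PLACEHOLDER = re.compile(r"\$\{[^}:]+:[^}]*\}")

# Affected releases as listed in the advisory text.
AFFECTED = {"2.0.0", "2.0.1", "2.1.0", "2.1.1", "2.2.0", "2.2.1", "2.3.0"}

def is_affected(version):
    """True if the worker version is one the advisory names as affected."""
    return version in AFFECTED

def substring_placeholder_keys(connector_config):
    """Keys whose value embeds a placeholder inside a longer string."""
    keys = []
    for key, value in connector_config.items():
        match = PLACEHOLDER.search(value)
        if match and match.group(0) != value:
            keys.append(key)
    return sorted(keys)

def leaked_keys(connector_config, tasks):
    """Keys where a task config no longer carries the connector's placeholder,
    meaning the worker returned the resolved value instead."""
    leaked = set()
    for key in substring_placeholder_keys(connector_config):
        placeholders = PLACEHOLDER.findall(connector_config[key])
        for task in tasks:
            value = task.get("config", {}).get(key)
            if value is not None and any(p not in value for p in placeholders):
                leaked.add(key)
    return sorted(leaked)

# Constructed sample data (not real responses); the secret is a dummy string.
REF = "${file:/opt/connect/secrets.properties:db_password}"
SAMPLE_CONNECTOR = {
    "connection.url": "jdbc:postgresql://db.example.internal/app?password=" + REF,
    "connection.password": REF,  # whole-value reference, not the affected case
}
SAMPLE_TASKS = [{
    "id": {"connector": "constructed-jdbc-sink", "task": 0},
    "config": {
        "connection.url": "jdbc:postgresql://db.example.internal/app?password=DUMMY-SECRET",
        "connection.password": REF,
    },
}]

if __name__ == "__main__":
    print(is_affected("2.3.0"), leaked_keys(SAMPLE_CONNECTOR, SAMPLE_TASKS))
```

A non-empty result from `leaked_keys` on a cluster's real connector and task configurations means the referenced secrets were readable through the REST API and should be rotated after upgrading.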
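Apache Kafka is a distributed publish-subscribe messaging system and a robust queue that can handle large volumes of data and lets you pass messages from one endpoint to another. Kafka is suitable for both offline and online message consumption. Kafka messages are retained on disk and replicated within the cluster to prevent data loss. Kafka is built on top of the ZooKeeper synchronization service. It integrates very well with Apache Storm and Spark for real-time streaming data analysis.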
CVE-2019-12399
None available
None available
http://kafka.apache.org/cve-list