Red Hat Kroxylicious
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Kroxylicious.
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Kroxylicious. Kroxylicious did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 5.90 |
It may take a day or so for new Kroxylicious vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Kroxylicious Security Vulnerabilities
Kroxylicious TLS Hostname Verification Bypass
CVE-2024-8285
5.9 - Medium
- August 30, 2024
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality.
Improper Validation of Certificate with Host Mismatch
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Kroxylicious or by Red Hat? Click the Watch button to subscribe.
