CVE-2018-17196 is a vulnerability in Apache Kafka
Published on July 11, 2019

In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.

NVD

Products Associated with CVE-2018-17196

Want to know whenever a new CVE is published for Apache Kafka? stack.watch will email you.

Apache Kafka

Affected Versions

Apache Kafka Version 0.11.0.0 to 2.1.0 is affected by CVE-2018-17196

Exploit Probability

EPSS

0.38%

Percentile

59.10%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-17196 is a vulnerability in Apache KafkaPublished on July 11, 2019

Products Associated with CVE-2018-17196

Affected Versions

Exploit Probability

CVE-2018-17196 is a vulnerability in Apache Kafka
Published on July 11, 2019