CVE-2018-17196 is a vulnerability in Apache Kafka
Published on July 11, 2019
In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.
Products Associated with CVE-2018-17196
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-17196 are published in Apache Kafka:
Affected Versions
Apache Kafka Version 0.11.0.0 to 2.1.0 is affected by CVE-2018-17196Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.