1226467 – (CVE-2024-36543) VUL-0: CVE-2024-36543: kafka: malicious connector steal Kafka SASL credentials querying the MirrorMaker Kafka REST API

Bug 1226467 (CVE-2024-36543) - VUL-0: CVE-2024-36543: kafka: malicious connector steal Kafka SASL credentials querying the MirrorMaker Kafka REST API

Summary: VUL-0: CVE-2024-36543: kafka: malicious connector steal Kafka SASL credential...

Status:	NEW

Alias:	CVE-2024-36543

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Michał Rostecki
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/411138/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-06-18 08:21 UTC by SMASH SMASH
Modified:	2024-06-18 09:15 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description SMASH SMASH 2024-06-18 08:21:50 UTC

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-36543
https://www.cve.org/CVERecord?id=CVE-2024-36543
http://strimzi.com
https://github.com/almounah/vulnerability-research/tree/main/CVE-2024-36543
https://bugzilla.redhat.com/show_bug.cgi?id=2292856