This is an automated email from the ASF dual-hosted git repository.

manikumar pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/kafka-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 9db09131 MINOR: Update CVE-2023-25194 details
9db09131 is described below

commit 9db091312714a5497dd78eaa2518eeae6d5ba444
Author: Manikumar Reddy <[email protected]>
AuthorDate: Thu May 18 21:56:22 2023 +0530

    MINOR: Update CVE-2023-25194 details
---
 cve-list.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cve-list.html b/cve-list.html
index 01f6cc17..3d90e0f8 100644
--- a/cve-list.html
+++ b/cve-list.html
@@ -9,9 +9,9 @@
 
 This page lists all security vulnerabilities fixed in released versions of 
Apache Kafka.
 
-      <h2 id="CVE-2023-25194"><a 
href="https://nvd.nist.gov/vuln/detail/CVE-2023-25194";>CVE-2023-25194</a> 
Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule 
configuration using Kafka Connect  </h2>
+      <h2 id="CVE-2023-25194"><a 
href="https://nvd.nist.gov/vuln/detail/CVE-2023-25194";>CVE-2023-25194</a> 
Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule 
configuration using Apache Kafka Connect API  </h2>
 
-      <p>A possible security vulnerability has been identified in Apache Kafka 
Connect.
+      <p>A possible security vulnerability has been identified in Apache Kafka 
Connect API.
         This requires access to a Kafka Connect worker, and the ability to 
create/modify connectors on it with an arbitrary Kafka client SASL JAAS config
         and a SASL-based security protocol, which has been possible on Kafka 
Connect clusters since Apache Kafka 2.3.0. This will allow to perform JNDI 
requests
         that result in Denial of service/remote code execution.
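Review bot: The renamed heading and first sentence now say "Apache Kafka Connect API", but the unchanged sentences right below still describe the precondition as "access to a Kafka Connect worker" and refer to "Kafka Connect clusters", so the advisory uses two names for the affected component within one paragraph. A reader can take "Connect API" to mean either the worker's interface for creating connectors or the connect-api artifact. Consider stating once which is meant and using that term throughout the paragraph. The new sentence also needs an article: "identified in the Apache Kafka Connect API".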
@@ -21,11 +21,11 @@ This page lists all security vulnerabilities fixed in 
released versions of Apach
         <tbody>
         <tr>
           <td>Versions affected</td>
-          <td>2.3.0 - 3.3.2</td>
+          <td>Apache Kafka Connect API (<a 
href="https://mvnrepository.com/artifact/org.apache.kafka/connect-api";>connect-api</a>,<a
 
href="https://mvnrepository.com/artifact/org.apache.kafka/connect-runtime";>connect-runtime</a>)
 : 2.3.0 - 3.3.2</td>
         </tr>
         <tr>
           <td>Fixed versions</td>
-          <td>3.4.0</td>
+          <td>Apache Kafka Connect API (<a 
href="https://mvnrepository.com/artifact/org.apache.kafka/connect-api";>connect-api</a>,<a
 
href="https://mvnrepository.com/artifact/org.apache.kafka/connect-runtime";>connect-runtime</a>)
 : 3.4.0</td>
         </tr>
         <tr>
           <td>Impact</td>
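Review bot: In both the "Versions affected" and "Fixed versions" cells, the label "Apache Kafka Connect API" is followed by two artifacts, connect-api and connect-runtime, and the second is not the API artifact, so the label does not match what the parentheses list. Naming the artifacts directly would be clearer, for example "Apache Kafka Connect (connect-api, connect-runtime): 2.3.0 - 3.3.2". The two links are also joined by a comma with no following space, and the version range is set off by " : " on its own line. Tidying both would make the cells easier to read. Since the same link markup is repeated in the two cells, check that the pair stays in sync if either artifact list changes.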
