Kartik Goyal created KAFKA-17107:
------------------------------------
Summary: Backport of PR-15327
Key: KAFKA-17107
URL: https://issues.apache.org/jira/browse/KAFKA-17107
Project: Kafka
Issue Type: Bug
Affects Versions: 3.5.1
Reporter: Kartik Goyal
Assignee: Kartik Goyal
Fix For: 3.6.2
Due to Potential incorrect access control during migration from ZK mode to
KRaft mode, The following CVE
* [https://nvd.nist.gov/vuln/detail/CVE-2024-27309]
is present in Kafka versions <3.6.2. Further details are present here:
[https://github.com/advisories/GHSA-79vv-vp32-gpp7]
As a user of Kafka 3.5.1, I want to backport the fix from Kafka 3.6.2 to
strengthen the security posture of v3.5.1
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
