What is CVE-2018-17196?

CVE-2018-17196 is a vulnerability in Apache Kafka versions between 0.11.0.0 and 2.1.0 that allows authenticated clients with Write permission on specific topics to bypass transaction/idempotent ACL validation.

How severe is CVE-2018-17196?

CVE-2018-17196 has a severity rating of 8.8 (high).

How can I exploit CVE-2018-17196?

To exploit CVE-2018-17196, you need to manually craft a Produce request and have authenticated client credentials with Write permission on the affected topics.

What should I do to fix CVE-2018-17196?

To fix CVE-2018-17196, it is recommended to upgrade Apache Kafka to version 2.1.0 or later.

Where can I find more information about CVE-2018-17196?

For more information about CVE-2018-17196, you can refer to the following references: - http://www.securityfocus.com/bid/109139 - https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E - https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

Vulnerability/
CVE-2018-17196

high

8.8

11/7/2019

5/8/2024

CVE-2018-17196

First published: Thu Jul 11 2019(Updated: )

In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache Kafka	>=0.11.0.0<=2.1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-17196?
CVE-2018-17196 is a vulnerability in Apache Kafka versions between 0.11.0.0 and 2.1.0 that allows authenticated clients with Write permission on specific topics to bypass transaction/idempotent ACL validation.
How severe is CVE-2018-17196?
CVE-2018-17196 has a severity rating of 8.8 (high).
How can I exploit CVE-2018-17196?
To exploit CVE-2018-17196, you need to manually craft a Produce request and have authenticated client credentials with Write permission on the affected topics.
What should I do to fix CVE-2018-17196?
To fix CVE-2018-17196, it is recommended to upgrade Apache Kafka to version 2.1.0 or later.
Where can I find more information about CVE-2018-17196?
For more information about CVE-2018-17196, you can refer to the following references: - http://www.securityfocus.com/bid/109139 - https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E - https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

collector/nvd-index
agent/references
agent/author
agent/severity
agent/type
agent/event
agent/tags
agent/description
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/apache
canonical/apache kafka
version/apache kafka/0.11.0.0
version/apache kafka/2.1.0