Back to bug 2216516
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Chess Hazlett | 2023-06-21 16:28:59 UTC | CC | aileenc, eric.wittmann, janstey, jpavlik, pantinor, peholase | |
| Paige Jung | 2023-06-21 16:30:12 UTC | Doc Text | Apache Kafka Connect's REST API permitted configuration of a SASL property by an authed operator, which then could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. An authed attacker could use this flaw to attain denial of service or even execution of arbitrary code on the server, given presence of vulnerable classes on the server's classpath. | A flaw was found in Apache Kafka Connect's REST API that permits configuration of SASL property by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a denial of service or execute arbitrary code on the server, given presence of vulnerable classes on the server's classpath. |
| Red Hat Bugzilla | 2023-07-07 08:28:21 UTC | Assignee | security-response-team | nobody |
| Red Hat Bugzilla | 2023-07-21 22:26:27 UTC | CC | jpavlik | |