kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cmcc...@apache.org
Subject [kafka-site] branch asf-site updated: Add CVE-2018-17196, fix some links. (#223)
Date Fri, 02 Aug 2019 18:36:26 GMT
This is an automated email from the ASF dual-hosted git repository.

cmccabe pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/kafka-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 9a9f710  Add CVE-2018-17196, fix some links. (#223)
9a9f710 is described below

commit 9a9f710c6e886c7e734986d13a2fb5e54a7242b2
Author: Colin Patrick McCabe <cmccabe@apache.org>
AuthorDate: Fri Aug 2 11:36:18 2019 -0700

    Add CVE-2018-17196, fix some links. (#223)
    
    Fix some links that were pointing to 2.2.
    
    Add CVE-2018-17196 to the cve-list page.
    
    Reviewers: Matthias J. Sax <mjsax@apache.org>
---
 cve-list.html   | 28 ++++++++++++++++++++++++++++
 intro.html      |  2 +-
 protocol.html   |  2 +-
 quickstart.html |  2 +-
 uses.html       |  2 +-
 5 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/cve-list.html b/cve-list.html
index 4b1651e..a7bb658 100644
--- a/cve-list.html
+++ b/cve-list.html
@@ -8,6 +8,34 @@
 
 This page lists all security vulnerabilities fixed in released versions of Apache Kafka.
 
+<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17196">CVE-2018-17196</a>
+<p>In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually
+craft a Produce request which bypasses transaction/idempotent ACL validation.
+Only authenticated clients with Write permission on the respective topics are
+able to exploit this vulnerability. Users should upgrade to 2.1.1 or later
+where this vulnerability has been fixed.</p>
+
+<table class="data-table">
+<tbody>
+  <tr>
+    <td>Versions affected</td>
+    <td>0.11.0.0 to 2.1.0</td>
+  </tr>
+  <tr>
+    <td>Fixed versions</td>
+    <td>2.1.1 and later</td>
+  </tr>
+  <tr>
+    <td>Impact</td>
+    <td>This issue could result in privilege escalation.</td>
+  </tr>
+  <tr>
+    <td>Issue announced</td>
+    <td>10 July 2019</td>
+  </tr>
+</tbody>
+</table>
+
 <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288">CVE-2018-1288</a>
 Authenticated Kafka clients may interfere with data replication</h2>
 
diff --git a/intro.html b/intro.html
index ab71a3c..12544fe 100644
--- a/intro.html
+++ b/intro.html
@@ -5,7 +5,7 @@
   <div class="right">
 		<h1>Introduction</h1>
 <!-- should always link the the latest release's documentation -->
-    <!--#include virtual="22/introduction.html" -->
+    <!--#include virtual="23/introduction.html" -->
 
 <!--#include virtual="includes/_footer.htm" -->
 
diff --git a/protocol.html b/protocol.html
index cdfb66d..f356929 100644
--- a/protocol.html
+++ b/protocol.html
@@ -1,2 +1,2 @@
 <!-- should always link the the latest release's documentation -->
-<!--#include virtual="22/protocol.html" -->
+<!--#include virtual="23/protocol.html" -->
diff --git a/quickstart.html b/quickstart.html
index e7a0f1f..da9da0a 100644
--- a/quickstart.html
+++ b/quickstart.html
@@ -5,7 +5,7 @@
   <div class="right">
     <h1>Quickstart</h1>
 <!-- should always link the the latest release's documentation -->
-    <!--#include virtual="22/quickstart.html" -->
+    <!--#include virtual="23/quickstart.html" -->
 <!--#include virtual="includes/_footer.htm" -->
 <script>
 // Show selected style on nav item
diff --git a/uses.html b/uses.html
index fa07951..f826e33 100644
--- a/uses.html
+++ b/uses.html
@@ -6,7 +6,7 @@
 		<h1>Use cases</h1>
 
 <!-- should always link the the latest release's documentation -->
-<!--#include virtual="22/uses.html" -->
+<!--#include virtual="23/uses.html" -->
 
 <!--#include virtual="includes/_footer.htm" -->
 


Mime
View raw message