ID CVE-2018-1288
Summary In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request, interfering with data replication and resulting in data loss.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:kafka:0.9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.1:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.2:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.11.0.2:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.1:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.0.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.1.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.1.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.1.1:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.1:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:kafka:0.10.2.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*
  • cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database:18c:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database:19c:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:timesten_in-memory_database:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 18-04-2022 - 17:31)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: SINGLE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:P
redhat via4
advisories
rhsa
id RHSA-2018:3768
refmap via4
bid 104900
misc https://www.oracle.com/security-alerts/cpujul2020.html
mlist
  • [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
  • [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
  • [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
  • [flink-issues] 20200402 [GitHub] [flink] zentol opened a new pull request #11617: [FLINK-16389][kafka] Bump kafka version to 0.10.2.2
  • [kafka-commits] 20190802 [kafka-site] branch asf-site updated: Add CVE-2018-17196, fix some links. (#223)
  • [kafka-users] 20180726 CVE-2018-1288: Authenticated Kafka clients may interfere with data replication
Last major update 18-04-2022 - 17:31
Published 26-07-2018 - 14:29
Last modified 18-04-2022 - 17:31