[MAVEN:GHSA-Q2XX-F8R3-9MG5] STRIMZI incorrect access control

Severity High
Affected Packages 1
CVEs 1

Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker, by querying the MirrorMaker Kafka REST API, to cause a denial of service for Kafka mirroring, potentially mirror the topics' content to an attacker-controlled Kafka cluster via a malicious connector (bypassing Kafka ACLs if any exist), and potentially steal Kafka SASL credentials.

| Package | Affected Version |
| --- | --- |
| pkg:maven/io.strimzi/strimzi | <= 0.41.0 |
ID
MAVEN:GHSA-Q2XX-F8R3-9MG5
Severity
high
URL
https://github.com/advisories/GHSA-q2xx-f8r3-9mg5
Published
2024-06-17T21:31:10
(3 months ago)
Modified
2024-06-18T16:34:18
(3 months ago)
Rights
Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:maven/io.strimzi/strimzi | io.strimzi | strimzi | <= 0.41.0 | | | |