Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Kafka | 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2 |
| Apache Software Foundation | Apache Kafka | 1.0.0, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2 |
| Maven | org.apache.kafka:kafka | 0, 0 |
Timeline
- Jul 26, 2018 CVE Published
- Aug 2, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Oct 8, 2021 EPSS Score
- Oct 24, 2021 EPSS Score
- Dec 25, 2021 EPSS Score
- Feb 25, 2022 EPSS Score
- Apr 28, 2022 EPSS Score
- Jun 29, 2022 EPSS Score
- Nov 1, 2022 EPSS Score
- Jan 2, 2023 EPSS Score
References
- [kafka-users] 20180726 CVE-2018-1288: Authenticated Kafka clients may interfere with data replication (mailing-list, x_refsource_MLIST)
- 104900 (vdb-entry, x_refsource_BID)
- RHSA-2018:3768 (vendor-advisory, x_refsource_REDHAT)
- [kafka-commits] 20190802 [kafka-site] branch asf-site updated: Add CVE-2018-17196, fix some links. (#223) (mailing-list, x_refsource_MLIST)
- [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities (mailing-list, x_refsource_MLIST)
- [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities (mailing-list, x_refsource_MLIST)
- [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities (mailing-list, x_refsource_MLIST)
- [flink-issues] 20200402 [GitHub] [flink] zentol opened a new pull request #11617: [FLINK-16389][kafka] Bump kafka version to 0.10.2.2 (mailing-list, x_refsource_MLIST)
- x_refsource_MISC
- [kafka-dev] 20211007 Re: CVE Back Port? (mailing-list, x_refsource_MLIST)
- https://nvd.nist.gov/vuln/detail/CVE-2018-1288 (advisory)