Description

Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.

Apache Kafka is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have Apache Kafka service publicly accessible.

Remediation

It's recommended to restrict access to this service in production systems.

References

Kafka Security

Related Vulnerabilities

Tracy debugging tool enabled

Unrestricted access to Kong Gateway API

Unrestricted access to NGINX+ Dashboard

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1860)

WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration