Description

Apache Kafka is an open-source distributed event streaming platform used by thousands of companies for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.

Apache Kafka is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have Apache Kafka service publicly accessible.

Remediation

It's recommended to restrict access to this service in production systems.

References

Kafka Security

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4593)

WebPageTest Unauthorized Access Vulnerability

GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.11)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3738)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration