CVE-2018-1288
MEDIUM
Apache Kafka <1.0.0 - Privilege Escalation
Title source: llm
Description
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request that interferes with data replication, resulting in data loss.
Exploits (1)
References (10)
Scores
CVSS v3
5.4
EPSS
0.0069
EPSS Percentile
71.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Details
Status
published
Products (11)
apache/kafka
1.0.0
apache/kafka
0.9.0.0 - 0.9.0.1
oracle/database
11.2.0.4
oracle/database
12.1.0.2
oracle/database
12.2.0.1
oracle/database
18c
oracle/database
19c
oracle/primavera_p6_enterprise_project_portfolio_management
19.12.0.0 - 19.12.6.0
oracle/timesten_in-memory_database
< 18.1.2.1.0
org.apache.kafka/kafka
0.9.0.0 - 0.10.2.2 (Maven)
... and 1 more
Published
Jul 26, 2018
Tracked Since
Feb 18, 2026