Vulnerability in Apache Kafka

CVE-2019-12399

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in…

EPSS: 0.023 (85.1th percentile) — read the EPSS interpretation.

Affected products

Apache Kafka — versions Apache Kafka 2.0.0, 2.0.1, 2.1.0

References

[kafka-users] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint (mailing-list, x_refsource_MLIST)
[oss-security] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint (mailing-list, x_refsource_MLIST)
[announce] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint (mailing-list, x_refsource_MLIST)
[kafka-dev] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint (mailing-list, x_refsource_MLIST)
[kafka-commits] 20200115 [kafka-site] branch asf-site updated: Add CVE-2019-12399 (#250) (mailing-list, x_refsource_MLIST)
[druid-commits] 20200126 [GitHub] [druid] clintropolis opened a new pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399 (mailing-list, x_refsource_MLIST)
[druid-commits] 20200126 [GitHub] [druid] suneet-s commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399 (mailing-list, x_refsource_MLIST)
[druid-commits] 20200126 [GitHub] [druid] clintropolis commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399 (mailing-list, x_refsource_MLIST)
[druid-commits] 20200126 [GitHub] [druid] clintropolis commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399 (mailing-list, x_refsource_MLIST)
[druid-commits] 20200127 [GitHub] [druid] ccaominh opened a new pull request #9261: Address CVE-2019-12399 (mailing-list, x_refsource_MLIST)