What is CVE-2024-32030?

CVE-2024-32030 is a high-severity vulnerability in Provectus Kafka-ui, classified under Code Injection. CVSS score: 8.1/10. Published 2024-06-19.

How severe is CVE-2024-32030?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2024-32030 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Provectus Kafka-ui

CVE-2024-32030

Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allows users to connect to different Kafka brokers by specifying their network address and port. As a separate feature, it also provides the ability to monitor the…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.817 (99.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Provectus Kafka-ui — versions < 0.7.2

Weakness classification (CWE)

Public proof-of-concept exploits

References

https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/ (x_refsource_CONFIRM)
https://github.com/provectus/kafka-ui/pull/4427 (x_refsource_MISC)
https://github.com/provectus/kafka-ui/commit/83b5a60cc08501b570a0c4d0b4cdfceb1b88d6b7#diff-37e769f4709c1e78c076a5949bbcead74e969725bfd89c7c4ba6d6f229a411e6R36 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-32030?: CVE-2024-32030 is a high-severity vulnerability in Provectus Kafka-ui, classified under Code Injection. CVSS score: 8.1/10. Published 2024-06-19.
How severe is CVE-2024-32030?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2024-32030 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.