Blockchain

Critical RCE Vulnerabilities Discovered in Kafka UI



Peter Zhang
Jul 22, 2024 15:37

Researchers identified three critical remote code execution (RCE) vulnerabilities in Kafka UI. Users are advised to upgrade to version 0.7.2 to mitigate risks.



Critical RCE Vulnerabilities Discovered in Kafka UI

Researchers have uncovered three critical remote code execution (RCE) vulnerabilities in Kafka UI, an open source web application used for managing and monitoring Apache Kafka clusters, according to The GitHub Blog. These vulnerabilities have been addressed in the latest release, version 0.7.2, and users are strongly encouraged to update their systems to mitigate potential exploits.

CVE-2023-52251: RCE via Groovy Script Execution

The first vulnerability, identified as CVE-2023-52251, leverages the message filtering functionality within Kafka UI. Attackers can use the GROOVY_SCRIPT filter type to execute arbitrary Groovy scripts, leading to potential RCE. The exploit can be initiated through a simple HTTP GET request, making it highly accessible. The vulnerability was reported in November 2023 and patched in April 2024.

CVE-2024-32030: RCE via JMX Connector

The second vulnerability, CVE-2024-32030, involves the Java Management Extensions (JMX) connector used by Kafka UI to monitor Kafka brokers. If the dynamic.config.enabled setting is activated, attackers can configure Kafka UI to connect to a malicious JMX server, leading to deserialization attacks. This vulnerability was also fixed in the 0.7.2 release.

CVE-2023-25194: RCE via JndiLoginModule

The third vulnerability, CVE-2023-25194, exploits the JndiLoginModule for authentication. Attackers can manipulate cluster properties to trigger RCE. This issue is only exploitable if the dynamic.config.enabled property is set to true. The fix was included in the 0.7.2 release, prohibiting the use of the JndiLoginModule.

Kafka UI users are advised to upgrade to version 0.7.2 to secure their systems against these critical vulnerabilities. The fixes include updating dependencies and adding stricter controls to prevent potential exploits.

Image source: Shutterstock



Source link

Related Articles

Do you run a company that want to build a new website and are looking for a web agency in Sweden that can do the job? At Partna you can get connected to experienced web agencies that are interested in helping you with your website development. Partna is an online service where you simply post your web development needs in order to get business offers from skilled web agencies in Sweden. Instead of reaching out to hundreds of agencies by yourself, let up to 5 web agencies come to you via Partna.
Back to top button