Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How to handle Kafka CVE-2023-25194 when MSK does not support the patched version

0

Apache recently released a report on CVE-2023-25194 - POSSIBLE RCE/DENIAL OF SERVICE ATTACK VIA SASL JAAS JNDILOGINMODULE CONFIGURATION USING KAFKA CONNECT

We are using MSK for Kafka. The fixed version for this vulnerability (3.4.0) is not yet available in MSK. I'm hoping someone can help me understand what we can do about this vulnerability.

Topics
AnalyticsAWS Well-Architected Framework
Tags
Amazon Managed Streaming for Apache Kafka (Amazon MSK)Security
Language
English
asked 3 years ago562 views
1 Answer
1

As state in CVE-2023-25194 this is an issue with Apache Kafka Connect. Do you use the MKS Connect?

AWS
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content