How to handle Kafka CVE-2023-25194 when MSK does not support the patched version

0

Apache recently released a report on CVE-2023-25194 - POSSIBLE RCE/DENIAL OF SERVICE ATTACK VIA SASL JAAS JNDILOGINMODULE CONFIGURATION USING KAFKA CONNECT

We are using MSK for Kafka. The fixed version for this vulnerability (3.4.0) is not yet available in MSK. I'm hoping someone can help me understand what we can do about this vulnerability.

Topics

Analytics AWS Well-Architected Framework

Tags

Amazon Managed Streaming for Apache Kafka (Amazon MSK)Security

Language

English

rePost-User-3514592

asked a year ago250 views

1 Answer

Newest
Most votes
Most comments

1

As state in CVE-2023-25194 this is an issue with Apache Kafka Connect. Do you use the MKS Connect?

answered a year ago

Relevant content

How to connect to public Amazon MSK cluster using SASL SCRAM using Confluent C# Kafka
amazon_msk_user
asked 2 months ago
Support for SASL OAUTHBEARER for MSK
AWS-User-9862324
asked 2 years ago
How does AWS MSK handle Apache Kafka version end of support?
Accepted Answer
AWS-user-Radhika
asked a year ago
issue enabling SASL/SCRAM authentication on MSK
nrafp
asked 2 years ago
How do I troubleshoot common issues when using my Amazon MSK cluster with SASL/SCRAM authentication?
AWS OFFICIALUpdated 2 years ago
How do I use the Kafka-Kinesis-Connector to connect to my Amazon MSK cluster?
AWS OFFICIALUpdated 5 months ago
How do I troubleshoot Lambda triggers that poll from MSK and self-managed Kafka clusters?
AWS OFFICIALUpdated a year ago
When does AWS release new SOC reports, and how can I download the latest report using AWS Artifact?
AWS OFFICIALUpdated 3 years ago
How to e-mail OpenSearch reports and dashboards via opensearch-reporting-cli
EXPERT
Sohaib Katariwala
published 2 months ago
Amazon GameLift releases a new version of the server SDKs and game engine plugins
EXPERT
Sachin
published 3 months ago