使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

How to handle Kafka CVE-2023-25194 when MSK does not support the patched version

0

Apache recently released a report on CVE-2023-25194 - POSSIBLE RCE/DENIAL OF SERVICE ATTACK VIA SASL JAAS JNDILOGINMODULE CONFIGURATION USING KAFKA CONNECT

We are using MSK for Kafka. The fixed version for this vulnerability (3.4.0) is not yet available in MSK. I'm hoping someone can help me understand what we can do about this vulnerability.

主題
分析AWS Well-Architected Framework
標籤
Amazon Managed Streaming for Apache Kafka (Amazon MSK)安全性
語言
English
rePost-User-3514592
已提問 1 年前檢視次數 257 次
1 個回答
1

As state in CVE-2023-25194 this is an issue with Apache Kafka Connect. Do you use the MKS Connect?

profile pictureAWS
Ibrahim Cesar
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容