CNNVD-202601-2768 Information
CNNVD ID
CNNVD-202601-2768
Related CVE
- CNNVD Published: 2026-01-16
Description (Chinese)
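Kafka Connect BigQuery Connector is a high-performance data synchronization middleware open-sourced by Aiven Open. Versions of Kafka Connect BigQuery Connector before 2.11.0 contain a code issue vulnerability. The vulnerability stems from the service not validating externally sourced credential configurations before passing them to the authentication library, which may lead to arbitrary file read or server-side request forgery attacks.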
Description (English)
Kafka Connect BigQuery Connector is a high-performance data synchronization middleware open-sourced by Aiven Open. Versions of Kafka Connect BigQuery Connector before 2.11.0 contain a code issue vulnerability: the service does not validate externally sourced credential configurations before passing them to the authentication library, which may lead to arbitrary file read or server-side request forgery (SSRF) attacks.
Hazard Level
Medium
Vulnerability Type
Code issue
Affected Vendor
Aiven Open
Published
2026-01-16
Last Modified
2026-02-24
References
https://docs.cloud.google.com/support/bulletins#gcp-2025-005
https://github.com/Aiven-Open/bigquery-connector-for-apache-kafka/commit/20ea3921c6fe72d605a033c1943b20f49eaba981
https://github.com/Aiven-Open/bigquery-connector-for-apache-kafka/releases/tag/v2.11.0
https://github.com/Aiven-Open/bigquery-connector-for-apache-kafka/security/advisories/GHSA-3mg8-2g53-5gj4
https://access.redhat.com/security/cve/cve-2026-23529
Patch
https://github.com/Aiven-Open/bigquery-connector-for-apache-kafka/releases/tag/v2.11.0