CVE-2023-25194 Information
Feb 09, 2023
cve
Description
A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the sasl.jaas.config property for any of the connector’s Kafka clients to

## Reference
https://kafka.apache.org/cve-list
https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
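
An added example (not from the advisory or the Kafka project) for the description above: a defender-side audit of connector configurations that reports every client `sasl.jaas.config` setting, including the `producer.override.`, `consumer.override.` and `admin.override.` forms, whose login module is not on a reviewed list. The allowlist, the sample connectors and the `com.example.*` class names are constructed assumptions.

```python
"""Audit Kafka Connect connector configs for client sasl.jaas.config settings."""
import re

# Assumption: login modules this deployment has reviewed; adjust to your own list.
ALLOWED_LOGIN_MODULES = {
    "org.apache.kafka.common.security.plain.PlainLoginModule",
    "org.apache.kafka.common.security.scram.ScramLoginModule",
}
# Matches "sasl.jaas.config" on its own or behind any prefix, such as the
# per-connector client overrides "producer.override." / "consumer.override." /
# "admin.override.".
JAAS_KEY = re.compile(r"(^|\.)sasl\.jaas\.config$")


def login_module(jaas_value):
    """Return the login module class, the first token of a JAAS config string."""
    tokens = jaas_value.split()
    return tokens[0] if tokens else ""


def audit(connectors, allowed=ALLOWED_LOGIN_MODULES):
    """Return (connector, key, module) for every JAAS setting outside `allowed`."""
    findings = []
    for name, config in sorted(connectors.items()):
        for key, value in sorted(config.items()):
            if JAAS_KEY.search(key):
                module = login_module(str(value))
                if module not in allowed:
                    findings.append((name, key, module))
    return findings


# Constructed sample: connector name -> flat config map.
SAMPLE = {
    "orders-sink": {
        "connector.class": "com.example.OrdersSink",
        "consumer.override.security.protocol": "SASL_SSL",
        "consumer.override.sasl.jaas.config":
            "org.apache.kafka.common.security.scram.ScramLoginModule required "
            'username="svc" password="<redacted>";',
    },
    "audit-source": {
        "connector.class": "com.example.AuditSource",
        "producer.override.security.protocol": "SASL_PLAINTEXT",
        "producer.override.sasl.jaas.config":
            "com.example.UnreviewedLoginModule required;",
    },
}

if __name__ == "__main__":
    for name, key, module in audit(SAMPLE):
        print(f"{name}: {key} uses unreviewed login module {module!r}")
```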