CVE-2024-32030 KAFKA UI RCE
Description
CVE-2024-32030 is a remote code execution (RCE) vulnerability in Apache Kafka UI, an open-source web interface for managing Apache Kafka. The flaw is in its JMX connection feature. Attackers can exploit it by connecting Kafka UI to a malicious broker that returns a serialized object containing malicious code. This can lead to unauthorized access, data theft, and disruption of Kafka UI services.
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-11-11 | 24.30000 | New | Apache Kafka UI is vulnerable to remote code execution due to its JMX connection feature, allowing attackers to execute arbitrary code on the system. |