CVE-2018-1288 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1288 Interim 1 11 2022-11-27T01:22:41Z current 2021-05-30T14:07:02Z 2022-11-27T01:22:41Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1288 In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2020-June/006950.html E-Mail link for SUSE-CU-2020:196-1 https://lists.suse.com/pipermail/sle-security-updates/2020-June/006952.html E-Mail link for SUSE-CU-2020:198-1 https://lists.suse.com/pipermail/sle-security-updates/2020-June/006954.html E-Mail link for SUSE-CU-2020:200-1 https://lists.suse.com/pipermail/sle-security-updates/2020-June/006955.html E-Mail link for SUSE-CU-2020:201-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007995.html E-Mail link for SUSE-CU-2020:789-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007998.html E-Mail link for SUSE-CU-2020:793-1 https://lists.suse.com/pipermail/sle-security-updates/2018-August/004502.html E-Mail link for SUSE-SU-2018:2536-1 https://lists.suse.com/pipermail/sle-security-updates/2018-October/004812.html E-Mail link for SUSE-SU-2018:3563-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 openSUSE Tumbleweed ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 grafana-4.5.1-1.8.1 kafka-0.10.2.2-5.1 kafka-0.10.2.2-5.6.1 kafka-source-2.1.0-3.6 logstash-2.4.1-5.1 monasca-installer-20180608_12.47-9.1 openstack-monasca-api-2.2.1~dev24-3.6.1 python-monasca-api-2.2.1~dev24-3.6.1 ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 as a component of HPE Helion OpenStack 8 ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 as a component of HPE Helion OpenStack 8 kafka-0.10.2.2-5.6.1 as a component of HPE Helion OpenStack 8 openstack-monasca-api-2.2.1~dev24-3.6.1 as a component of HPE Helion OpenStack 8 python-monasca-api-2.2.1~dev24-3.6.1 as a component of HPE Helion OpenStack 8 grafana-4.5.1-1.8.1 as a component of SUSE OpenStack Cloud 7 kafka-0.10.2.2-5.1 as a component of SUSE OpenStack Cloud 7 logstash-2.4.1-5.1 as a component of SUSE OpenStack Cloud 7 monasca-installer-20180608_12.47-9.1 as a component of SUSE OpenStack Cloud 7 ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 as a component of SUSE OpenStack Cloud 8 ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 as a component of SUSE OpenStack Cloud 8 kafka-0.10.2.2-5.6.1 as a component of SUSE OpenStack Cloud 8 openstack-monasca-api-2.2.1~dev24-3.6.1 as a component of SUSE OpenStack Cloud 8 python-monasca-api-2.2.1~dev24-3.6.1 as a component of SUSE OpenStack Cloud 8 kafka-0.10.2.2-5.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 openstack-monasca-api-2.2.1~dev24-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 python-monasca-api-2.2.1~dev24-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 kafka-source-2.1.0-3.6 as a component of openSUSE Tumbleweed In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. CVE-2018-1288 HPE Helion OpenStack 8:ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 HPE Helion OpenStack 8:ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 HPE Helion OpenStack 8:kafka-0.10.2.2-5.6.1 HPE Helion OpenStack 8:openstack-monasca-api-2.2.1~dev24-3.6.1 HPE Helion OpenStack 8:python-monasca-api-2.2.1~dev24-3.6.1 SUSE OpenStack Cloud 7:grafana-4.5.1-1.8.1 SUSE OpenStack Cloud 7:kafka-0.10.2.2-5.1 SUSE OpenStack Cloud 7:logstash-2.4.1-5.1 SUSE OpenStack Cloud 7:monasca-installer-20180608_12.47-9.1 SUSE OpenStack Cloud 8:ardana-monasca-8.0+git.1535031421.9262a47-3.12.1 SUSE OpenStack Cloud 8:ardana-spark-8.0+git.1534267176.a5f3a22-3.6.1 SUSE OpenStack Cloud 8:kafka-0.10.2.2-5.6.1 SUSE OpenStack Cloud 8:openstack-monasca-api-2.2.1~dev24-3.6.1 SUSE OpenStack Cloud 8:python-monasca-api-2.2.1~dev24-3.6.1 SUSE OpenStack Cloud Crowbar 8:kafka-0.10.2.2-5.6.1 SUSE OpenStack Cloud Crowbar 8:openstack-monasca-api-2.2.1~dev24-3.6.1 SUSE OpenStack Cloud Crowbar 8:python-monasca-api-2.2.1~dev24-3.6.1 openSUSE Tumbleweed:kafka-source-2.1.0-3.6 important 5.5 AV:N/AC:L/Au:S/C:N/I:P/A:P 8.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H