{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0.10.0.0" }, { "last_affected": "0.10.2.1" }, { "introduced": "0.11.0.0" }, { "last_affected": "0.11.0.1" } ] }, "events": [ { "introduced": "b8642491e78c5a137f5012e31d347c01f3b02339" }, { "last_affected": "e89bffd6b2eff799713f560074c657f3f522cd85" }, { "introduced": "e18335dd953107a61d89451932de33d33c0fd207" }, { "last_affected": "c2a0d5f9b1f45bf59552b360fc2b39884357a698" } ], "repo": "https://github.com/apache/kafka", "type": "GIT" } ] } ], "details": "In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.", "id": "CVE-2017-12610", "modified": "2026-04-01T23:07:55.549997400Z", "published": "2018-07-26T14:29:00.327Z", "references": [ { "type": "WEB", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/b6157be1a09df332294213bd21e90dcf9fe4c1810193be54620e4210%40%3Cusers.kafka.apache.org%3E" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/104899" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ] }