## Vulnerable Library - kafka-clients-0.10.1.1.jar
Library home page: http://kafka.apache.org
Path to dependency file: /streams/upgrade-system-tests-0101/build.gradle
Path to vulnerable library: /.gradle/caches/modules-2/files-2.1/org.apache.kafka/kafka-clients/0.10.1.1/52f03b809c26f9676ddfcf130f13c80dfc929b98/kafka-clients-0.10.1.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.kafka/kafka-clients/0.10.1.1/52f03b809c26f9676ddfcf130f13c80dfc929b98/kafka-clients-0.10.1.1.jar
Found in HEAD commit: 9b4b1490ec6d070b17879bdd976a474544628950
## Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
## Details

### CVE-2017-12610

### Vulnerable Library - kafka-clients-0.10.1.1.jar

Library home page: http://kafka.apache.org
Path to dependency file: /streams/upgrade-system-tests-0101/build.gradle
Path to vulnerable library: /.gradle/caches/modules-2/files-2.1/org.apache.kafka/kafka-clients/0.10.1.1/52f03b809c26f9676ddfcf130f13c80dfc929b98/kafka-clients-0.10.1.1.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.kafka/kafka-clients/0.10.1.1/52f03b809c26f9676ddfcf130f13c80dfc929b98/kafka-clients-0.10.1.1.jar
Dependency Hierarchy:
- :x: **kafka-clients-0.10.1.1.jar** (Vulnerable Library)
Found in HEAD commit: 9b4b1490ec6d070b17879bdd976a474544628950
Found in base branch: trunk
### Vulnerability Details

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.
Publish Date: 2018-07-26
URL: CVE-2017-12610
### CVSS 3 Score Details (6.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/advisories/GHSA-xm78-4m3g-7wm7
Release Date: 2018-07-26
Fix Resolution: 0.10.2.2
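The report only tells you that one pinned version falls inside the advisory's ranges. The following is an added example (not part of this scanner report or of the Apache Kafka project) that turns the two inclusive ranges quoted above (0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1) and the stated fix resolution (0.10.2.2) into a check you can run over a `build.gradle`. The `build.gradle` text it scans is a constructed sample, not the real `streams/upgrade-system-tests-0101/build.gradle`; the coordinate format `org.apache.kafka:kafka-clients:<version>` and the four-part Kafka version scheme are assumptions.

```python
"""Check kafka-clients pins against the CVE-2017-12610 affected ranges.

Added example, not code from the scanner report or from Apache Kafka.
Assumes Gradle/Maven coordinates of the form
    org.apache.kafka:kafka-clients:<version>
and Kafka's four-part version numbers (e.g. 0.10.1.1).
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int, int]

# Inclusive ranges, exactly as stated in the advisory text.
RANGE_0_10: Tuple[Version, Version] = ((0, 10, 0, 0), (0, 10, 2, 1))
RANGE_0_11: Tuple[Version, Version] = ((0, 11, 0, 0), (0, 11, 0, 1))
AFFECTED_RANGES = [RANGE_0_10, RANGE_0_11]

# The only fix resolution the report names; it applies to the 0.10.x line.
FIX_RESOLUTION = "0.10.2.2"

# Matches coordinates such as org.apache.kafka:kafka-clients:0.10.1.1
COORD_RE = re.compile(r"org\.apache\.kafka:kafka-clients:([0-9][0-9A-Za-z.\-]*)")


def parse_version(text: str) -> Version:
    """Parse 'A.B.C[.D][-qualifier]' into a zero-padded 4-tuple.

    A '-SNAPSHOT'-style qualifier is ignored for range purposes; shorter
    strings such as '1.0' become (1, 0, 0, 0).
    """
    core = text.split("-", 1)[0]
    nums = [int(p) for p in core.split(".") if p.isdigit()]
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    nums = (nums + [0, 0, 0, 0])[:4]
    return (nums[0], nums[1], nums[2], nums[3])


def is_affected(version: str) -> bool:
    """True if the version lies inside either advisory range (tuple comparison)."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def suggested_fix(version: str) -> Optional[str]:
    """Return the report's fix resolution when it applies, otherwise None.

    The report states a fix only for the 0.10.x range; 0.11.0.0-0.11.0.1 is
    affected too, but no fixed version for it appears in this report, so the
    caller gets None and must decide separately.
    """
    lo, hi = RANGE_0_10
    return FIX_RESOLUTION if lo <= parse_version(version) <= hi else None


def scan_build_gradle(text: str) -> List[Tuple[str, bool]]:
    """Every kafka-clients version pinned in the file, with its affected flag."""
    return [(m.group(1), is_affected(m.group(1))) for m in COORD_RE.finditer(text)]


def remediate_build_gradle(text: str) -> str:
    """Rewrite pins that have a known fix to the fix resolution; leave the rest untouched."""
    def repl(m):
        fix = suggested_fix(m.group(1))
        return m.group(0) if fix is None else f"org.apache.kafka:kafka-clients:{fix}"
    return COORD_RE.sub(repl, text)


# Constructed sample input; not the real upgrade-system-tests-0101 build file.
SAMPLE_BUILD_GRADLE = """\
dependencies {
    compile 'org.apache.kafka:kafka-clients:0.10.1.1'
    testCompile 'org.apache.kafka:kafka-clients:0.11.0.1'
    testCompile 'org.apache.kafka:kafka-clients:0.10.2.2'
}
"""

if __name__ == "__main__":
    for ver, bad in scan_build_gradle(SAMPLE_BUILD_GRADLE):
        print(f"kafka-clients {ver}: {'AFFECTED' if bad else 'ok'} (fix: {suggested_fix(ver)})")
    print(remediate_build_gradle(SAMPLE_BUILD_GRADLE))
```

Two caveats a practitioner should keep in mind. First, the check answers only whether a pinned version is inside the ranges the advisory lists; it says nothing about whether SASL/PLAIN or SASL/SCRAM is actually in use, which this report does not assess either. Second, `remediate_build_gradle` changes only pins for which the report names a fix (the 0.10.x line); an affected 0.11.x pin is reported but left in place rather than rewritten to a version this page does not state.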
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.