| Vulnerability | Apache Kafka Connect remote code execution vulnerability (CVE-2023-25194) |
|---|---|
| Chinese name | Apache Druid Kafka Connect 远程代码执行漏洞(CVE-2023-25194) |
| CVSS core | 8.8 |
| FOFA Query (click to view the results directly) | app="APACHE-Druid" |
| Number of assets affected | 2935 |
| Description | Apache Druid is an open source distributed data storage and analysis system. It is designed to handle large-scale real-time data and provide fast interactive query and analysis.Apache Druid uses the vulnerable Kafka Connect. An attacker can access the Kafka Connect Worker and create or modify the connector by setting the sasl.jaas.config attribute to a malicious class, which can lead to a JNDI injection vulnerability. This vulnerability can be used Execute code arbitrarily on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
| Impact | Apache Druid uses the vulnerable Kafka Connect. An attacker can access the Kafka Connect Worker and create or modify the connector by setting the sasl.jaas.config attribute to a malicious class, which can lead to a JNDI injection vulnerability. This vulnerability can be used Execute code arbitrarily on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
