Cve-2024-32030

Generated with sparks and insights from 42 sources

Introduction

CVE-2024-32030 is a critical vulnerability affecting Kafka UI, an open-source web UI for managing Apache Kafka.
The vulnerability allows remote code execution (RCE) by exploiting the JMX metrics collection feature.
An attacker can exploit this by connecting Kafka UI backend to a malicious broker, leading to deserialization attacks.
The issue is particularly dangerous as Kafka UI does not have authentication enabled by default.
The vulnerability is addressed in Kafka UI version 0.7.2; users are advised to upgrade immediately.
There are no known workarounds for this vulnerability.

CVE-2024-32030 affects Kafka UI, an open-source web UI for managing Apache Kafka.
The vulnerability is due to the JMX metrics collection feature, which is susceptible to deserialization attacks.
An attacker can exploit this by connecting Kafka UI backend to a malicious broker.
The dynamic.config.enabled property, if set, increases the risk of exploitation.
The issue is tracked as GHSL-2023-230 by the GitHub Security Lab.

An attacker exploiting this vulnerability could gain complete control over the Kafka UI server.
Potential impacts include data theft, disruption of operations, installation of malware, and pivoting to other systems.
The vulnerability is particularly severe due to the critical role Kafka UI plays in managing Kafka clusters.
The impact could lead to data breaches, system downtime, and more.
The vulnerability allows remote code execution by an unauthenticated attacker if certain conditions are met.

There is no evidence that a public proof-of-concept exists for this vulnerability.
No known proof of exploitation has been reported at the moment.
The vulnerability can be exploited if the dynamic.config.enabled property is enabled or if the attacker has access to the Kafka cluster connected to Kafka UI.
Exploitation involves connecting Kafka UI backend to a malicious broker.
The vulnerability is inherently linked to the JMX monitoring feature.

A patch addressing this vulnerability is available in Kafka UI version 0.7.2 and later releases.
Users are advised to upgrade to Kafka UI version 0.7.2 or later as soon as possible.
There are no known workarounds for this vulnerability.
Upgrading to the patched version is the only recommended mitigation.
The issue has been addressed by the GitHub Security Lab.

The CVSS base score for CVE-2024-32030 is 8.1, indicating a high severity level.
The vulnerability allows remote code execution, which is a critical impact.
The CVSS vector string is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.
The EPSS score for this vulnerability is 0.05%, placing it in the 15.5th percentile.
NVD Analysts have not yet published a CVSS score for this CVE.

CVE-2023-52251: Another remote code execution vulnerability in UI for Apache Kafka.
CVE-2024-30030: Win32k Elevation of Privilege Vulnerability.
CVE-2024-4098: Local File Inclusion vulnerability in Shariff Wrapper plugin for WordPress.
CVE-2022-23829: Potential weakness in AMD SPI protection features.
CVE-2024-37212: Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Lite.
CVE-2023-38389: Incorrect Authorization vulnerability in Artbees JupiterX Core.
CVE-2024-32030: Remote code execution in Kafka UI.
CVE-2024-32030: Deserialization vulnerability in provectus kafka-ui up to 0.7.1.