io.strimzi:strimzi 0.49.1

Direct Vulnerabilities

Known vulnerabilities in the io.strimzi:strimzi package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Following of a Certificate's Chain of Trust Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust in the mTLS user authentication with multiple CA certificates. An attacker can gain unauthorized access by presenting a certificate signed by any certificate authority in the provided chain. How to fix Improper Following of a Certificate's Chain of Trust? Upgrade `io.strimzi:strimzi` to version 0.50.1 or higher.	[0.49.0,0.50.1)
H Improper Following of a Certificate's Chain of Trust Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust in the Kafka Connect and MirrorMaker 2 operands with multiple CA certificates. An attacker can gain unauthorized access by presenting a server certificate signed by any CA in the chain, rather than only the final trusted CA. How to fix Improper Following of a Certificate's Chain of Trust? Upgrade `io.strimzi:strimzi` to version 0.50.1 or higher.	[0.47.0,0.50.1)
M Missing Authentication for Critical Function Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to incorrect access control in the Kafka Connect REST API. An attacker can deny service, mirror topics' content to an unauthorized Kafka cluster, and potentially steal Kafka SASL credentials by querying the MirrorMaker Kafka REST API. How to fix Missing Authentication for Critical Function? There is no fixed version for `io.strimzi:strimzi`.	[0,)

Vulnerability

Vulnerable Version

Improper Following of a Certificate's Chain of Trust

Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust in the mTLS user authentication with multiple CA certificates. An attacker can gain unauthorized access by presenting a certificate signed by any certificate authority in the provided chain.

How to fix Improper Following of a Certificate's Chain of Trust?

Upgrade io.strimzi:strimzi to version 0.50.1 or higher.

[0.49.0,0.50.1)

Improper Following of a Certificate's Chain of Trust

Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust in the Kafka Connect and MirrorMaker 2 operands with multiple CA certificates. An attacker can gain unauthorized access by presenting a server certificate signed by any CA in the chain, rather than only the final trusted CA.

How to fix Improper Following of a Certificate's Chain of Trust?

Upgrade io.strimzi:strimzi to version 0.50.1 or higher.

[0.47.0,0.50.1)

Missing Authentication for Critical Function

Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to incorrect access control in the Kafka Connect REST API. An attacker can deny service, mirror topics' content to an unauthorized Kafka cluster, and potentially steal Kafka SASL credentials by querying the MirrorMaker Kafka REST API.

How to fix Missing Authentication for Critical Function?

There is no fixed version for io.strimzi:strimzi.

[0,)

io.strimzi:strimzi@0.49.1

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically