Apache Druid Kafka Connect RCE Scanner

Vulnerability Overview

CVE-2023-25194 identifies a significant security flaw in Apache Druid's Kafka Connect, where unsafe deserialization of user-supplied data allows remote authenticated attackers to execute arbitrary code on the host system. This vulnerability stems from the insecure handling of object deserialization during the connector's configuration process through the Kafka Connect REST API.

Vulnerability Details

The vulnerability arises within the process of configuring the connector through the Kafka Connect REST API, where unsafe deserialization occurs. Attackers can craft malicious payloads that, when deserialized, execute arbitrary code on the server hosting the Apache Druid instance. This issue requires that the attacker has authenticated access to the Kafka Connect REST API.

Possible Effects

Exploiting this vulnerability can lead to:

• Unauthorized code execution on the server.
• Potential compromise of the server hosting the Apache Druid instance.
• Unauthorized access to data processed or managed by Apache Druid and Kafka Connect.

Why Choose SecurityForEveryone

SecurityForEveryone offers comprehensive vulnerability scanning solutions tailored to modern technological landscapes, including complex ecosystems like Apache Druid and Kafka. Subscribing to our platform provides:

• Advanced scanning capabilities to detect and mitigate vulnerabilities like CVE-2023-25194.
• Detailed reports and actionable insights for effective vulnerability management.
• Continuous security monitoring to safeguard your infrastructure against emerging threats.

References

• CVE-2023-25194 on CVE Mitre
• Apache Kafka Security Advisory