Patch Released for CVE-2023-25194 RCE Vulnerability in Apache Kafka
An authenticated attacker can configure the sasl.jaas.config property for any of the connector’s Kafka clients to “com.sun.security.auth.module.JndiLoginModule”. ... To exploit the CVE-2023-25194 vulnerability, an attacker must have access to a Kafka Connect worker and be able to create and modify connectors that use an arbitrary Kafka client SASL JAAS configuration and a SASL security protocol.

CVEs: CVE-2023-25194

[View Article](https://socradar.io/patch-released-for-cve-2023-25194-rce-vulnerability-in-apache-kafka/)