When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache kafka 2.0.1 |
||
apache kafka 2.1.1 |
||
apache kafka 2.2.0 |
||
apache kafka 2.2.1 |
||
apache kafka 2.3.0 |
||
apache kafka 2.0.0 |
||
apache kafka 2.1.0 |
||
oracle financial services analytical applications infrastructure |
||
oracle banking platform 2.7.0 |
||
oracle flexcube universal banking 14.4.0 |
||
oracle banking virtual account management 14.1.0 |
||
oracle banking virtual account management 14.3.0 |
||
oracle banking virtual account management 14.4.0 |
||
oracle banking trade finance process management 14.1.0 |
||
oracle banking trade finance process management 14.3.0 |
||
oracle banking trade finance process management 14.4.0 |
||
oracle banking supply chain finance |
||
oracle banking liquidity management |
||
oracle banking credit facilities process management 14.1.0 |
||
oracle banking credit facilities process management 14.3.0 |
||
oracle banking credit facilities process management 14.4.0 |
||
oracle banking corporate lending process management 14.3.0 |
||
oracle banking payments 14.4.0 |
||
oracle banking corporate lending process management 14.4.0 |
||
oracle banking corporate lending process management 14.1.0 |
||
oracle communications cloud native core policy 1.9.0 |
||
oracle blockchain platform |
Vulmon