Medium severity5.4NVD Advisory· Published Jul 26, 2018· Updated Jun 17, 2026
CVE-2018-1288
CVE-2018-1288
Description
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.kafka:kafkaMaven | >= 0.9.0.0, < 0.10.2.2 | 0.10.2.2 |
org.apache.kafka:kafkaMaven | >= 0.11.0.0, < 0.11.0.3 | 0.11.0.3 |
org.apache.kafka:kafkaMaven | >= 1.0.0, < 1.0.1 | 1.0.1 |
Affected products
17- ghsa-coords16 versionspkg:maven/org.apache.kafka/kafkapkg:rpm/opensuse/kafka-source&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ardana-monasca&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-spark&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-spark&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kafka&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/logstash&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/monasca-installer&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-monasca-api&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
>= 0.9.0.0, < 0.10.2.2+ 15 more
- (no CPE)range: >= 0.9.0.0, < 0.10.2.2
- (no CPE)range: < 2.1.0-3.6
- (no CPE)range: < 8.0+git.1535031421.9262a47-3.12.1
- (no CPE)range: < 8.0+git.1535031421.9262a47-3.12.1
- (no CPE)range: < 8.0+git.1534267176.a5f3a22-3.6.1
- (no CPE)range: < 8.0+git.1534267176.a5f3a22-3.6.1
- (no CPE)range: < 4.5.1-1.8.1
- (no CPE)range: < 0.10.2.2-5.6.1
- (no CPE)range: < 0.10.2.2-5.1
- (no CPE)range: < 0.10.2.2-5.6.1
- (no CPE)range: < 0.10.2.2-5.6.1
- (no CPE)range: < 2.4.1-5.1
- (no CPE)range: < 20180608_12.47-9.1
- (no CPE)range: < 2.2.1~dev24-3.6.1
- (no CPE)range: < 2.2.1~dev24-3.6.1
- (no CPE)range: < 2.2.1~dev24-3.6.1
- Apache Software Foundation/Apache Kafkav5Range: 0.9.0.0 to 0.9.0.1
Patches
Vulnerability mechanics
References
19- www.oracle.com/security-alerts/cpujul2020.htmlnvdPatchThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:3768nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-gh27-38p5-mrxcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1288ghsaADVISORY
- www.securityfocus.com/bid/104900nvdBroken LinkWEB
- lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef@%3Cusers.kafka.apache.org%3EghsaWEB
- lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58@%3Ccommits.kafka.apache.org%3EghsaWEB
- lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r07e1bbd1643847d599feb34c707906a4fdcc81e3a6ab01a10c451d40@%3Cissues.flink.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c@%3Cdev.kafka.apache.org%3EghsaWEB
- lists.apache.org/thread.html/29f61337323f48c47d4b41d74b9e452bd60e65d0e5103af9a6bb2fef%40%3Cusers.kafka.apache.org%3Envd
- lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Envd
- lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Envd
- lists.apache.org/thread.html/d1581fb6464c9bec8a72575c01f5097d68e2fbb230aff24622622a58%40%3Ccommits.kafka.apache.org%3Envd
- lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Envd
- lists.apache.org/thread.html/r07e1bbd1643847d599feb34c707906a4fdcc81e3a6ab01a10c451d40%40%3Cissues.flink.apache.org%3Envd
- lists.apache.org/thread.html/r35322aec467ddae34002690edaa4d9f16e7df9b5bf7164869b75b62c%40%3Cdev.kafka.apache.org%3Envd
News mentions
0No linked articles in our index yet.