漏洞描述
Kafka 未授权访问漏洞是指由于缺乏适当的访问控制配置,任何用户无需认证就可以连接到 Kafka 集群。这通常是由于未配置 SASL(Simple Authentication and Security Layer)或 SSL/TLS,而是运行在默认设置下,从而导致 Kafka 实例对所有网络访问开放。
Kafka 未授权访问漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2023-25194: Apache Druid Kafka Connect - Remote Code Execution
- POC CVE-2023-52251: Kafka UI 0.7.1 Command Injection
- POC CVE-2025-27817: Apache Kafka 客户端任意文件读取
- POC kafka-center-default-password: Apache Kafka Center Default Password
- POC kafka-center-default-login: Apache Kafka Center Default Login
- POC kafka-manager-unauth: Kafka Manager Panel - Unauthorized Access
- POC kafka-cruise-control: Kafka Cruise Control UI
- POC unauth-apache-kafka-ui: Apache Kafka - Unauthorized UI Exposure
- Apache Kafka Connect /connectors 文件读取漏洞(CVE-2025-27817)
- Kafka Connect 存在任意文件读取漏洞(CVE-2025-27817)
- Kafka Connect 任意文件读取漏洞
- Apache Kafka UI 需授权 反序列化漏洞
- Kafka 弱口令漏洞