How to Get Remote Code Execution in Kafka UI
In this blog post, we'll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.

In my security research, I was curious whether I could find a way not only to see the messages sent to Kafka, but also to read files, discover credentials or even get Remote Code Execution (RCE). Later, we discovered that the same vulnerability had been reported by another researcher, who had already published an exploit for it even before the fix was released, leaving many Kafka UI instances unprotected. So, to reproduce this, you would need to use Kafka UI to connect to the malicious broker bootstrap address host.internal.docker:9093 as I explained above and set the JMX port option to 1718.