Description: The Apache Kafka UI API lets a user add a Kafka cluster by supplying a broker network address and port, and it can monitor broker performance by connecting to the broker's JMX port. JMX runs over the RMI protocol, and an RMI client deserializes the Java objects it receives from the remote side, so this connection is exposed to deserialization attacks. Because Kafka UI does not enable authentication by default, an attacker could register a malicious JMX listener that answers any RMI call with a crafted serialized object; successful exploitation could result in remote code execution in the Kafka UI process. Exploitation requires that a malicious host be configured as the JMX target, but a host added through the API cannot be told apart from a legitimate service host by this rule alone, so some false positives may occur and alerts should be analyzed in the context of the actual deployment.
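Because the rule above cannot decide on its own whether a newly configured JMX target is a real broker or an attacker-controlled listener, the practical triage step is to compare each configured JMX endpoint against what a legitimate deployment would look like: the JMX host should normally be one of the cluster's own bootstrap brokers, sit in a trusted network or domain, and use the port the operators reserve for JMX. The following Python is an added example of that triage logic and is not part of the original rule or of the Kafka UI project; the event records, the trusted network `10.20.0.0/16`, the domain suffix `.corp.example` and the expected JMX port set `{9997}` are all constructed here for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Finding:
    """One suspicious cluster configuration and the reasons it was flagged."""
    cluster: str
    jmx_target: str
    reasons: list


def split_hostport(hostport, default_port=None):
    """Split 'host:port' into (host, int port). Bracketed IPv6 literals are not handled
    here; this helper only covers the host:port form used in the sample events."""
    host, sep, port = hostport.strip().rpartition(":")
    if not sep:
        return hostport.strip(), default_port
    return host, int(port)


def host_is_trusted(host, trusted_nets, trusted_suffixes):
    """IP literals are checked against trusted networks, names against trusted domain suffixes."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return any(host == s.lstrip(".") or host.endswith(s) for s in trusted_suffixes)
    return any(ip in net for net in trusted_nets)


def triage_cluster_configs(events, trusted_nets, trusted_suffixes, expected_jmx_ports):
    """Return a Finding for every cluster whose JMX target deviates from the expected pattern.

    Each event is a dict with 'name', 'bootstrapServers' (comma-separated host:port list)
    and 'jmx' (host:port of the JMX endpoint); this shape is assumed for the example.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for ev in events:
        bootstrap_hosts = {split_hostport(b)[0] for b in ev["bootstrapServers"].split(",")}
        jmx_host, jmx_port = split_hostport(ev["jmx"])
        reasons = []
        # A broker's JMX port lives on the broker itself; a different host is the main red flag.
        if jmx_host not in bootstrap_hosts:
            reasons.append("JMX host is not one of the configured bootstrap brokers")
        if not host_is_trusted(jmx_host, nets, trusted_suffixes):
            reasons.append("JMX host is outside the trusted networks/domains")
        if jmx_port not in expected_jmx_ports:
            reasons.append(f"unexpected JMX port {jmx_port}")
        if reasons:
            findings.append(Finding(ev["name"], ev["jmx"], reasons))
    return findings


# Constructed sample events: two legitimate clusters, one pointing JMX at an external
# host on the default RMI registry port, and one using an odd port on a real broker.
SAMPLE_EVENTS = [
    {"name": "prod", "bootstrapServers": "10.20.0.11:9092,10.20.0.12:9092", "jmx": "10.20.0.11:9997"},
    {"name": "staging", "bootstrapServers": "kafka-1.stg.corp.example:9092",
     "jmx": "kafka-1.stg.corp.example:9997"},
    {"name": "lab", "bootstrapServers": "10.20.0.11:9092", "jmx": "203.0.113.45:1099"},
    {"name": "test", "bootstrapServers": "10.20.0.12:9092", "jmx": "10.20.0.12:4444"},
]
TRUSTED_NETS = ["10.20.0.0/16"]          # assumed broker network
TRUSTED_SUFFIXES = [".corp.example"]      # assumed internal DNS suffix
EXPECTED_JMX_PORTS = {9997}               # assumed port reserved for broker JMX


if __name__ == "__main__":
    for f in triage_cluster_configs(SAMPLE_EVENTS, TRUSTED_NETS, TRUSTED_SUFFIXES, EXPECTED_JMX_PORTS):
        print(f"[{f.cluster}] JMX target {f.jmx_target}: " + "; ".join(f.reasons))
```

With the sample data only `lab` and `test` are reported; `lab` trips all three checks and is the kind of record an analyst should treat as a likely attacker-controlled listener, while `test` differs only in port and is more plausibly an operator mistake. The checks reduce false positives but do not eliminate them: an attacker who already controls a host inside the trusted network will still pass, and the client-side fix remains restricting which hosts may be added and filtering what the JMX client is willing to deserialize.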