Thursday, October 3, 2024
3 ways to get Remote Code Execution in Kafka UI
When I first encountered Kafka UI, I was thrilled that such a dangerous functionality is exposed without authentication. After some time I discovered different ways to turn it to Remote Code Execution.
Here is the technical analysis of these vulnerabilities in my GitHub blog: https://github.blog/security/vulnerability-research/3-ways-to-get-remote-code-execution-in-kafka-ui/
Posted by Michael Stepankin at 3:48:00 AM