The following information is provided to alert you about vulnerabilities in Confluent software. For further inquiries, please email support@confluent.io or submit a ticket using the Support Portal.
Executive Summary
The following Confluent packages are known to have critical/high CVEs:
- com.fasterxml.jackson.core_jackson-databind:2.10.5
- org.eclipse.jetty_jetty-io:9.4.24.v20191120
The following sections provide more detailed information about specific packages and resolutions.
Confluent Platform
The Confluent Platform 6.0.1 tar archive and the corresponding docker/deb/rpm packages are affected by the following known CVEs.
com.fasterxml.jackson.core_jackson-databind:2.10.5
- CVEs: CVE-2020-25649 (high, CVSS=7.5). jackson-databind before 2.10.5.1 does not secure XML entity expansion, leaving applications that deserialize attacker-supplied XML through it open to XML external entity (XXE) injection.
- Vulnerable docker images and corresponding deb/rpm packages:
- confluentinc/cp-base-new, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-enterprise-control-center, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-enterprise-control-center-operator, tags:6.0.1.0
- confluentinc/cp-enterprise-kafka, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-enterprise-replicator, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-enterprise-replicator-executable, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-enterprise-replicator-operator, tags:6.0.1.0
- confluentinc/cp-init-container-operator, tags:6.0.1.0
- confluentinc/cp-kafka, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-kafka-connect, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-kafka-connect-base, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-kafka-mqtt, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-kafka-rest, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-kafkacat, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-ksqldb-cli, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-ksqldb-server, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-ksqldb-server-operator, tags:6.0.1.0
- confluentinc/cp-schema-registry, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-schema-registry-operator, tags:6.0.1.0
- confluentinc/cp-server, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-server-connect, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-server-connect-base, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-server-connect-operator, tags:6.0.1.0
- confluentinc/cp-server-operator, tags:6.0.1.0
- confluentinc/cp-zookeeper, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-zookeeper-operator, tags:6.0.1.0
- Resolution and mitigation: Version 6.0.2 of Confluent Platform will update jackson-databind to 2.10.5.1, which resolves this vulnerability.
org.eclipse.jetty_jetty-io:9.4.24.v20191120
- CVEs: CVE-2020-27216 (high, CVSS=7.8). Jetty before 9.4.33 creates its working directory under the shared system temp directory (java.io.tmpdir) in a way that another local user on the same host can race, which can lead to local privilege escalation; the exposure therefore requires a second, untrusted user with write access to that temp directory.
- Vulnerable docker images and corresponding deb/rpm packages:
- confluentinc/cp-enterprise-control-center, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-enterprise-control-center-operator, tags:6.0.1.0
- confluentinc/cp-enterprise-kafka, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-enterprise-replicator, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-enterprise-replicator-executable, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-enterprise-replicator-operator, tags:6.0.1.0
- confluentinc/cp-kafka, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-kafka-connect, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-kafka-connect-base, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-kafka-mqtt, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-kafka-rest, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-ksqldb-cli, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-ksqldb-server, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-ksqldb-server-operator, tags:6.0.1.0
- confluentinc/cp-schema-registry, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-schema-registry-operator, tags:6.0.1.0
- confluentinc/cp-server, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-server-connect, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-server-connect-base, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-server-connect-operator, tags:6.0.1.0
- confluentinc/cp-server-operator, tags:6.0.1.0
- confluentinc/cp-zookeeper, tags:6.0.1, 6.0.1-1-ubi8
- confluentinc/cp-zookeeper-operator, tags:6.0.1.0
- Resolution and mitigation: Version 6.0.2 of Confluent Platform will update Jetty to 9.4.33.v20201020, which resolves this vulnerability. Until then, the upstream Jetty advisory's workaround applies: start the JVM with -Djava.io.tmpdir=<private dir> pointing at a directory writable only by the service account, so that no other local user can race the temp directory creation.
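A quick way to confirm whether a running image or a deb/rpm install actually carries the affected jars is to list the jar files and compare their Maven version suffix against the fixed versions named in the two resolutions above. The Python script below is an added example for this page, not Confluent's own tooling; it assumes the jars keep their standard <artifact>-<version>.jar names and that find is available inside the image, and the sample listing embedded in it is constructed, not captured from a real container.

```python
"""Flag jars below the fixed versions named in this advisory, from a jar path listing."""
import os
import re
import sys
from typing import Iterable, List, Optional, Tuple

# Fixed versions the advisory says Confluent Platform 6.0.2 ships.
FIXED_VERSIONS = {
    "jackson-databind": "2.10.5.1",   # CVE-2020-25649
    "jetty-io": "9.4.33.v20201020",   # CVE-2020-27216
}

# Maven-style jar name: <artifact>-<version>.jar, where the version starts with a digit.
_JAR_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.]*)\.jar$")


def parse_jar(path: str) -> Optional[Tuple[str, str]]:
    """Return (artifact, version) for a Maven-style jar path, or None if it does not match."""
    m = _JAR_RE.match(os.path.basename(path))
    if not m:
        return None
    return m.group("artifact"), m.group("version")


def version_key(version: str) -> Tuple[Tuple[int, object], ...]:
    """Sortable key: numeric components compare as ints, others (e.g. 'v20191120') as text.
    A shorter tuple sorts first, so 2.10.5 < 2.10.5.1, as Maven intends."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in version.split("."))


def is_vulnerable(artifact: str, version: str) -> bool:
    """True when the artifact is one the advisory names and the version is below the fix."""
    fixed = FIXED_VERSIONS.get(artifact)
    return fixed is not None and version_key(version) < version_key(fixed)


def scan(paths: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (artifact, version, path) for every jar in the listing below its fixed version."""
    findings = []
    for path in paths:
        path = path.strip()
        parsed = parse_jar(path)
        if parsed and is_vulnerable(*parsed):
            findings.append((parsed[0], parsed[1], path))
    return findings


# Constructed sample (not a real capture): what `find / -name '*.jar'` might print in a 6.0.1 image.
SAMPLE_FIND_OUTPUT = """\
/usr/share/java/kafka/jackson-core-2.10.5.jar
/usr/share/java/kafka/jackson-databind-2.10.5.jar
/usr/share/java/kafka/jetty-io-9.4.24.v20191120.jar
/usr/share/java/kafka/jetty-server-9.4.24.v20191120.jar
/usr/share/java/kafka/zookeeper-3.5.8.jar
"""

if __name__ == "__main__":
    # Read a jar listing from stdin when piped; fall back to the constructed sample otherwise.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_FIND_OUTPUT.splitlines()
    hits = scan(source)
    for artifact, version, path in hits:
        print(f"VULNERABLE {artifact} {version} < {FIXED_VERSIONS[artifact]}  ({path})")
    sys.exit(1 if hits else 0)
```

Run it against an image with something like `docker run --rm --entrypoint find confluentinc/cp-kafka-rest:6.0.1 / -name '*.jar' 2>/dev/null | python3 check_jars.py` (the script name is assumed), or against a deb/rpm install with `find /usr/share/java -name '*.jar' | python3 check_jars.py`; a non-zero exit makes it usable as a CI gate. It flags only the two artifacts the advisory names; because 6.0.2 updates Jetty as a whole, extend FIXED_VERSIONS if you also want to flag the sibling jetty-* jars shipped at the same 9.4.24.v20191120 build.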
Version: 77ba16dd5f469fcf56253bdc01232c25446c4918