Impacted Versions
- Confluent Platform versions < 7.5.15, 7.6.12, 7.7.10, 7.8.9, 7.9.8.
Recommended Action
- Upgrade to Confluent Platform versions 7.5.15, 7.6.12, 7.7.10, 7.8.9, 7.9.8.
Issue
A security issue affecting Confluent Platform has been identified, caused by a flaw in the open-source, third-party component ZooKeeper. Due to this issue, instantiating Confluent Platform components can result in unobfuscated sensitive information being displayed in standard output and exposed to any downstream logging pipelines.
Mitigation
There are currently no known mitigations.
Remediation
This issue is resolved in the CP patch release versions 7.5.15, 7.6.12, 7.7.10, 7.8.9, 7.9.8. The updated version of the third-party dependency ZooKeeper adequately addresses this issue, as the vulnerable logging statement was removed. Please upgrade to Confluent Platform versions 7.5.15, 7.6.12, 7.7.10, 7.8.9, 7.9.8.
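A fleet check against the fixed releases listed above, as an added example that is not Confluent's own tooling. It assumes each fixed version applies to its own 7.x release line; the hostnames and installed versions in the sample inventory are constructed, and release lines the advisory does not list are reported as unknown rather than guessed.

```python
import re

# First fixed patch release per release line, taken from the advisory.
FIXED = {(7, 5): 15, (7, 6): 12, (7, 7): 10, (7, 8): 9, (7, 9): 8}

# major.minor.patch with an optional build suffix such as "-ccs" or "+1".
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[-+.].*)?\s*$")


def classify(version):
    """Return 'impacted', 'fixed', or 'unknown' for one version string."""
    m = _VERSION.match(version)
    if not m:
        return "unknown"  # unparseable: flag for manual review
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Assumption: the advisory names no fixed release for this line,
        # so the script does not guess its status.
        return "unknown"
    return "impacted" if patch < fixed_patch else "fixed"


def audit(inventory):
    """Map host -> status and return the hosts that still need action."""
    report = {host: classify(ver) for host, ver in inventory.items()}
    todo = sorted(h for h, s in report.items() if s != "fixed")
    return report, todo


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "broker-1": "7.5.14",
    "broker-2": "7.5.15",
    "connect-1": "7.6.3-ccs",
    "sr-1": "7.9.8",
    "legacy-1": "7.4.6",
    "ksql-1": "not-installed",
}

if __name__ == "__main__":
    report, todo = audit(SAMPLE)
    for host in sorted(report):
        print(f"{host:10} {SAMPLE[host]:14} {report[host]}")
    print("needs attention:", ", ".join(todo))
```

Hosts reported as impacted have been writing to standard output with the vulnerable logging statement present, so their existing logs and any downstream log stores are worth reviewing after the upgrade.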
CVSS Scores:
- Original: 7.5 (CVSS v3.1 Calculator)
- Adjusted: 4.5 (Adjusted CVSS v3.1 Calculator)