Kafbat Kafka-UI Unsafe Deserialization Vulnerability Leading to Remote Code Execution
Vulnerability
A remote code execution vulnerability has been identified in Kafbat Kafka-UI version 1.0.0, stemming from an unsafe deserialization issue. This vulnerability allows any unauthenticated user to execute arbitrary code on the server. The problem arises when Kafka-UI connects to a malicious Kafka cluster and retrieves metrics via JMX, enabling the execution of harmful payloads.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the Kafka-UI server.
Reproduction
To reproduce this vulnerability, upload a malicious Kafka cluster that can be accessed from the Kafka-UI container. Then, in the Kafka-UI 'Metrics' configuration, select JMX as the metrics type and submit the form. This action prompts Kafka-UI to connect to the specified JMX server of the malicious Kafka cluster, where the uploaded payload can be executed.
Remediation
Users can upgrade to Kafbat Kafka-UI version 1.1.0, which addresses this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.