Klaw Improper Access Control Vulnerability Allowing Password Hash Disclosure

Vulnerability

An improper access control vulnerability has been identified in Klaw, a self-service Apache Kafka topic management tool, in versions through 2.10.3. This vulnerability allows for the unauthorized disclosure of password hashes. The issue has been addressed in version 2.10.4, where the affected endpoint was removed from the application.

Impact

The vulnerability could lead to the unauthorized disclosure of password hashes. An attacker holding those hashes could attempt to crack them offline and use any recovered credentials to gain unauthorized access.

Remediation

Users should upgrade to Klaw version 2.10.4, in which the affected endpoint was removed, to address this vulnerability. The release is available on the Klaw GitHub repository.
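The only concrete remediation signal on this page is a version boundary: releases through 2.10.3 are affected and 2.10.4 is fixed. The following helper is an added example, not code from Klaw or from this advisory's publisher; it compares a reported Klaw version string against that boundary so an inventory script can flag instances that still need the upgrade. The version strings in the sample inventory are constructed for illustration.

```python
"""Check Klaw version strings against the fix boundary from this advisory.

Affected: Klaw versions through 2.10.3 (inclusive).
Fixed:    Klaw 2.10.4 (affected endpoint removed).
"""

from typing import Tuple

FIXED_VERSION: Tuple[int, ...] = (2, 10, 4)  # first release without the endpoint


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'v2.10.3' or '2.10.3-SNAPSHOT' into a comparable tuple (2, 10, 3).

    Leading 'v' and any build/pre-release suffix after '-' or '+' are dropped,
    since only the numeric release components decide the boundary here.
    Raises ValueError for strings with no numeric components.
    """
    core = version.strip().lstrip("vV")
    for sep in ("-", "+"):
        core = core.split(sep, 1)[0]
    parts = core.split(".")
    try:
        numbers = tuple(int(p) for p in parts)
    except ValueError as exc:
        raise ValueError(f"unparseable version string: {version!r}") from exc
    if not numbers:
        raise ValueError(f"empty version string: {version!r}")
    return numbers


def is_affected(version: str) -> bool:
    """Return True when the given Klaw version is older than 2.10.4.

    Tuple comparison handles differing lengths correctly: (2, 10) < (2, 10, 4)
    because the shorter tuple is a prefix, which matches how a bare '2.10'
    would be read as an early 2.10.x build.
    """
    return parse_version(version) < FIXED_VERSION


def flag_inventory(inventory: dict) -> dict:
    """Map instance name -> True/False (affected) for a {name: version} dict.

    Entries whose version cannot be parsed are reported as affected so they
    are reviewed by a human rather than silently skipped.
    """
    result = {}
    for name, version in inventory.items():
        try:
            result[name] = is_affected(version)
        except ValueError:
            result[name] = True  # unknown version: treat as needing review
    return result


if __name__ == "__main__":
    # Constructed sample inventory; names and versions are illustrative only.
    sample = {
        "klaw-prod": "2.10.3",
        "klaw-staging": "v2.10.4",
        "klaw-dev": "2.11.0-SNAPSHOT",
        "klaw-legacy": "2.9.1",
        "klaw-unknown": "latest",
    }
    for instance, affected in flag_inventory(sample).items():
        status = "UPGRADE to 2.10.4" if affected else "ok"
        print(f"{instance:14s} {sample[instance]:16s} {status}")
```

The check treats any unparseable version as affected on purpose: for an advisory about credential-hash exposure, an instance whose version is unknown deserves a manual look rather than a clean bill of health.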

Added: Jun 2, 2026, 4:42 PM
Updated: Jun 2, 2026, 4:42 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 9.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.