← voltar
CVE-2026-44367

Klaw: user lockout due to case sensitivity inconsistency

CVSS 2.7 LOWEPSS 0.2%CWE-178CWE-20
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account lockout. This issue has been patched in version 2.10.4.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Produtos afetados
Aiven-Open · klaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Aiven-Open/klaw/releases/tag/v2.10.4https://github.com/Aiven-Open/klaw/security/advisories/GHSA-75rx-m9vh-mm9p