Apache Kafka: Access Control Lists (ACLs) Enforcement Issue
by the Hossted team
10.05.2024

CVE-2024-27309 is a high-severity vulnerability affecting Apache Kafka versions 3.5.0 through 3.5.2 and 3.6.0 through 3.6.1. While a cluster is being migrated from ZooKeeper mode to KRaft mode, Access Control Lists (ACLs) are in some cases not enforced correctly. The bug is triggered when an administrator removes an ACL from a resource that still has two or more other ACLs after the removal: the brokers then treat the resource as though only one ACL remained on it. If only ALLOW ACLs are in use, the effect is a loss of availability for legitimate clients; if DENY ACLs are in use, they may be ignored during the migration window, so a principal that should be denied can read or write the affected resource. The incorrect state clears once all ZooKeeper-mode brokers are removed or a new ACL is added to the affected resource, and no ACL metadata is lost once the migration completes. The issue is resolved in Apache Kafka versions 3.6.2 and 3.7.0. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-27309/.
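As an added example (not code from the Hossted post or from the Kafka project), the following Python parses the output of `kafka-acls.sh --list`, checks whether a broker version falls in the affected ranges, and flags a planned ACL removal that meets the trigger condition described above (two or more ACLs left on the resource), noting whether any DENY ACLs would remain, since that is the higher-impact case. The listing is constructed sample output in the format the Kafka ACL CLI prints; the topic and principal names are made up, and `parse_acl_listing`, `is_affected_version` and `removal_risk` are helper names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample of `kafka-acls.sh --bootstrap-server <host:port> --list`
# output. The format matches the Kafka ACL CLI; topics and principals are invented.
SAMPLE_ACL_LISTING = """\
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=payments, patternType=LITERAL)`:
\t(principal=User:alice, host=*, operation=READ, permissionType=ALLOW)
\t(principal=User:bob, host=*, operation=WRITE, permissionType=ALLOW)
\t(principal=User:mallory, host=*, operation=READ, permissionType=DENY)

Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=audit, patternType=LITERAL)`:
\t(principal=User:alice, host=*, operation=READ, permissionType=ALLOW)
\t(principal=User:svc-audit, host=*, operation=WRITE, permissionType=ALLOW)
"""

RESOURCE_RE = re.compile(r"resourceType=(\w+), name=([^,]+), patternType=(\w+)")
ACL_RE = re.compile(
    r"principal=([^,]+), host=([^,]+), operation=(\w+), permissionType=(\w+)"
)

# Version ranges named in the advisory: 3.5.0-3.5.2 and 3.6.0-3.6.1.
AFFECTED_VERSIONS = {(3, 5, 0), (3, 5, 1), (3, 5, 2), (3, 6, 0), (3, 6, 1)}


def parse_acl_listing(text):
    """Map (resourceType, name, patternType) -> list of
    (principal, host, operation, permissionType) tuples."""
    acls = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = RESOURCE_RE.search(line)
        if m:
            current = m.groups()
            acls.setdefault(current, [])  # resource with no ACL lines still appears
            continue
        m = ACL_RE.search(line)
        if m and current is not None:
            acls[current].append(m.groups())
    return dict(acls)


def is_affected_version(version):
    """True if a broker version string such as '3.6.1' is in the affected ranges."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts in AFFECTED_VERSIONS


def removal_risk(acls, resource, acl_to_remove):
    """Evaluate a planned ACL removal during a ZK-to-KRaft migration.

    The bug is triggered when the resource keeps two or more ACLs after the
    removal; if any of those remaining ACLs is a DENY, it may be ignored until
    the migration completes, which is the confidentiality/integrity case."""
    entries = acls.get(resource, [])
    if acl_to_remove not in entries:
        raise ValueError("ACL %r is not present on %r" % (acl_to_remove, resource))
    remaining = [a for a in entries if a != acl_to_remove]
    return {
        "remaining": len(remaining),
        "triggers_bug": len(remaining) >= 2,
        "deny_acls_remaining": any(a[3] == "DENY" for a in remaining),
    }


if __name__ == "__main__":
    acls = parse_acl_listing(SAMPLE_ACL_LISTING)
    payments = ("TOPIC", "payments", "LITERAL")
    alice_read = ("User:alice", "*", "READ", "ALLOW")
    print("broker 3.6.1 affected:", is_affected_version("3.6.1"))
    print("removing", alice_read, "from payments:", removal_risk(acls, payments, alice_read))
```

Run it against a real `--list` capture and a broker version from `kafka-broker-api-versions.sh` or the broker logs; when `triggers_bug` is true on an affected version mid-migration, defer the removal until every ZooKeeper-mode broker has been removed, or add the replacement ACL to the resource before taking the old one away.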