Aiven-Open/klaw

GitHub

github.com

www.klaw-project.io

Releases23

Frequency2 months 9 hours

Last Release 22 days ago

Stars194

Klaw, the latest OS tool by Aiven, helps enterprises cope with Apache Kafka(r) topics, schema registry and connectors governance by introducing roles/authorizations to users of various teams of an org.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-44367 ↗	Jun 2, 2026Tuesday, 2 June 2026, 16:16	2.7 LOW	—
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account lockout. This issue has been patched in version 2.10.4.
CVE-2026-45080 ↗	Jun 2, 2026Tuesday, 2 June 2026, 16:16	—	—
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4.
CVE-2026-25999 ↗	Feb 11, 2026Wednesday, 11 February 2026, 21:16	7.1 HIGH	—
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted request to the /resetMemoryCache endpoint, an attacker can clear cached configurations, environments, and cluster data. This vulnerability is fixed in 2.10.2.