Lucene search

K
redhatcveRedhat.comRH:CVE-2023-44981
HistoryOct 12, 2023 - 1:13 a.m.

CVE-2023-44981

2023-10-1201:13:03
redhat.com
access.redhat.com
24
apache
zookeeper
authorization bypass
sasl
quorum peer
authentication
firewall
mitigation

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.004

Percentile

72.6%

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instance part in SASL authentication ID (which is optional), therefore, the server would skip this check and as a result, join the cluster and propagate information with complete read and write access.

Mitigation

According to Apache's document: Ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.004

Percentile

72.6%