History: Aug 15, 2024 - 12:00 a.m.

ROS-20240815-05

2024-08-15 00:00:00
redos.red-soft.ru
apache zookeeper
vulnerability
centralized service
configuration
naming
synchronization
group services
authentication
exploitation
remote access
authorization
security restrictions
batch mode syntax
confidentiality
integrity
unix

CVSS2: 6.8

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 9.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 8.1
Confidence: Low

EPSS: 0.045
Percentile: 92.6%

A vulnerability in Apache ZooKeeper, a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, is related to the lack of ACL checks when a persistent observer is triggered. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information.

A vulnerability in Apache ZooKeeper, a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, exists due to a lack of authentication when joining a quorum. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files to the operating system of a vulnerable device.

A vulnerability in the implementation of the wchp/wchc command of Apache ZooKeeper, a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, is related to a lack of authentication for a critical function. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.

A vulnerability in the implementation of the getACL() command of Apache ZooKeeper, a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, is related to permission handling errors. Exploitation of the vulnerability could allow an attacker acting remotely to expose certain hash function values.

A vulnerability in the SASL Quorum Peer authentication function of Apache ZooKeeper, a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, is related to bypassing authorization through the use of a key controlled by the user. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions and gain access to read, modify, or delete data.

A vulnerability in Apache ZooKeeper, a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, is related to the use of the “cmd:” batch mode syntax. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality and integrity of the system.

OS     Version  Architecture  Package    Version    Filename
redos  7.3      x86_64        zookeeper  < 3.9.2-1  UNKNOWN
