CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence: Low
EPSS
Percentile: 92.7%
A vulnerability in Apache ZooKeeper, the centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, is related to the lack of ACL checks when a persistent observer is triggered. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information.
A vulnerability in Apache ZooKeeper, the centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, exists due to a lack of authentication when joining a quorum. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files to the operating system of a vulnerable device.
A vulnerability in the implementation of the wchp/wchc command of Apache ZooKeeper, the centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, is related to a lack of authentication for a critical function. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
A vulnerability in the implementation of the getACL() command of Apache ZooKeeper, the centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, is related to permission handling errors. Exploitation of the vulnerability could allow an attacker acting remotely to expose certain hash function values.
A vulnerability in the SASL Quorum Peer authentication function of Apache ZooKeeper, the centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, is related to bypassing authorization through the use of a key controlled by the user. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions and gain access to read, modify, or delete data.
A vulnerability in Apache ZooKeeper, the centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services, is related to the use of the “cmd:” batch mode syntax. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality and integrity of the system.