5 matches found
GHSA-CCQF-C5HQ-77MP Missing Authorization in Apache ZooKeeper
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader...
Apache ZooKeeper < 3.4.14, 3.5.0-alpha - 3.5.4-beta Information Disclosure Vulnerability
Apache ZooKeeper is prone to an information disclosure vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Access control bypass in Apache ZooKeeper
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper?s getACL command doesn?t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider...
UBUNTU-CVE-2019-0201
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider...
PT-2019-5356 · Apache +3 · Apache Zookeeper +3
Name of the Vulnerable Software and Affected Versions: Apache ZooKeeper versions 1.0.0 through 3.4.13 Apache ZooKeeper versions 3.5.0-alpha through 3.5.4-beta Description: The issue is related to ZooKeeper’s getACL command, which does not check any permission when retrieving the ACLs of the...