20 matches found
Security Bulletin: IBM Event Streams is affected by authorization bypass through user-controlled key vulnerability ( CVE-2023-44981).
Summary This security vulnerability in Apache ZooKeeper could allow an attacker to bypass security restrictions on the system, caused by a flaw when SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true. This bulletin identifies the steps to take to address the...
zookeeper: Authorization Bypass in Apache ZooKeeper
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...
zookeeper: Authorization Bypass in Apache ZooKeeper
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...
USN-6559-1: ZooKeeper vulnerabilities
It was discovered that ZooKeeper incorrectly handled authorization for the getACL command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2019-0201 Damien Diederen discovered that ZooKeeper...
FreeBSD : apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication (2bc376c0-977e-11ee-b4bc-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2bc376c0-977e-11ee-b4bc-b42e991fc52e advisory. - Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Pe...
Security Bulletin: Due to the use of Apache ZooKeeper, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security bypass.
Summary Apache ZooKeeper is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-44981 Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer...
zookeeper: Authorization Bypass in Apache ZooKeeper
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache ZooKeeper
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache ZooKeeper. Vulnerability Details CVEID: CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer...
Debian: Security Advisory (DSA-5544-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5544-1 : zookeeper - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5544 advisory. Damien Diederen discovered that SASL quorum peer authentication within Zookeeper, a service for maintaining configuration information, was insufficiently enforced in...
Apache ZooKeeper 3.7.x < 3.7.2, 3.8.x < 3.8.3, 3.9.x < 3.9.1 Authorization Bypass
The version of Apache ZooKeeper listening on the remote host is prior to 3.7.2, 3.8.x prior to 3.8.3 or 3.9.x prior to 3.9.1. It is, therefore, affected by the following: - Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is...
Debian dla-3624 : libzookeeper-java - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3624 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3624-1 [email protected] https://www.debian.org/lts/security/...
BIT-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
CVE-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
CVE-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
CVE-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
CVE-2023-44981
CVE-2023-44981 (Apache ZooKeeper) : Authorization bypass through a user-controlled SASL ID when quorum peer authentication is enabled (quorum.auth.enableSasl=true). If the instance part of the SASL ID is missing (e.g., [email protected]), authorization checks are skipped, allowing an arbitrary endp...
Apache ZooKeeper Security Vulnerability
Apache Zookeeper is a software project of the Apache Foundation that provides open source distributed configuration services, synchronization services, and named registries for large-scale distributed computing. A security vulnerability exists in Apache ZooKeeper versions prior to 3.9.1, 3.8.3, a...
apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
[email protected] reports: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is liste...