EUVD-2019-0443

Malware in sbrugna...

K94504224: Apache ZooKeeper vulnerability CVE-2019-0201

Security Advisory Description An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeepers getACL command doesnt check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string...

Security Bulletin: Apache ZooKeeper as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2019-0201)

Summary Apache ZooKeeper as used by IBM QRadar SIEM is vulnerable to information disclosure. Vulnerability Details CVEID: CVE-2019-0201 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to obtain sensitive information, caused by the failure to check permissions by the getACL command. By...

Access control bypass in Apache ZooKeeper

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper?s getACL command doesn?t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider...

Information Disclosure

Apache ZooKeeper is affected by unauthorized information disclosure. getACL command does not check permissions when retrieving the ACLs of the requested node. Consequently, plaintext information contained in the ACL Id field is returned. This allows an attacker to retrieve users' Id and...

PT-2019-5356 · Apache +3 · Apache Zookeeper +3

Name of the Vulnerable Software and Affected Versions: Apache ZooKeeper versions 1.0.0 through 3.4.13 Apache ZooKeeper versions 3.5.0-alpha through 3.5.4-beta Description: The issue is related to ZooKeeper’s getACL command, which does not check any permission when retrieving the ACLs of the...