CVE-2019-0201
CVE-2019-0201 affects Apache ZooKeeper up to versions 3.4.13 and 3.5.4-beta, where getACL() does not enforce permissions and returns the ACL Id in plaintext. When Digest Authentication is in use, the unsalted hash value contained in the Id field can be disclosed to unauthenticated or unprivileged...