10 matches found
ROS-20241203-10
Vulnerability in the IPAuthenticationProvider component of a centralized service for maintaining configuration information and providing distributed synchronization and group services. configuration, naming, providing distributed synchronization and provisioning of group services Apache ZooKeeper...
BIT-ZOOKEEPER-2024-51504 Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
Apache ZooKeeper Authentication Bypass Vulnerability
Apache ZooKeeper is a centralized service under the Apache Software Foundation for maintaining configuration information, naming, providing distributed synchronization, and providing group services. An authentication bypass vulnerability exists in Apache ZooKeeper versions prior to 3.9.3. The...
Apache ZooKeeper 3.9.x < 3.9.3 Authentication Bypass
The version of Apache ZooKeeper listening on the remote host is 3.9.x prior to 3.9.3. It is, therefore, affected by an authentication bypass vulnerability: - When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only...
CVE-2024-51504
An authentication bypass vulnerability was found in Apache Zookeeper. The default configuration of the client's IP address detection in IPAuthenticationProvider, which uses HTTP request headers, is weak and allows an attacker to bypass authentication by spoofing the client's IP address in request...
CVE-2024-51504
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
CVE-2024-51504
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
CVE-2024-51504
CVE-2024-51504 affects ZooKeeper Admin Server via IPAuthenticationProvider. Default IP detection uses HTTP headers (X-Forwarded-For) and can be spoofed, leading to authentication bypass for IP-based auth. Admin commands like snapshot/restore may be exploited after bypass. Impact: potential inform...
CVE-2024-51504 Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
CVE-2024-51504
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...