BIT-ZOOKEEPER-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

CVE-2023-44981

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

CVE-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

DEBIAN-CVE-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

Apache ZooKeeper < 3.4.10, 3.5.0-alpha - 3.5.3-beta Quorum Peer Mutual Authentication Vulnerability

Apache ZooKeeper is prone to a Quorum Peer mutual authentication vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...