Lucene search
K

31 matches found

RedHat Linux
RedHat Linux
added 2024/05/21 2:18 p.m.5 views

zookeeper: Authorization Bypass in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 6:26 a.m.51 views

Security Bulletin: IBM Event Streams is affected by authorization bypass through user-controlled key vulnerability ( CVE-2023-44981).

Summary This security vulnerability in Apache ZooKeeper could allow an attacker to bypass security restrictions on the system, caused by a flaw when SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true. This bulletin identifies the steps to take to address the...

9.1CVSS9.1AI score0.01713EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/03/06 11:8 a.m.43 views

BIT-ZOOKEEPER-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS9.2AI score0.01713EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/20 11:42 a.m.2 views

zookeeper: Authorization Bypass in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/06 1:14 p.m.4 views

zookeeper: Authorization Bypass in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2024/01/16 4:50 p.m.59 views

USN-6559-1: ZooKeeper vulnerabilities

It was discovered that ZooKeeper incorrectly handled authorization for the getACL command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2019-0201 Damien Diederen discovered that ZooKeeper...

9.1CVSS6.9AI score0.09634EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/12/10 12:0 a.m.35 views

FreeBSD : apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication (2bc376c0-977e-11ee-b4bc-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2bc376c0-977e-11ee-b4bc-b42e991fc52e advisory. - Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Pe...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 8:57 a.m.30 views

Security Bulletin: Due to the use of Apache ZooKeeper, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security bypass.

Summary Apache ZooKeeper is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-44981 Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer...

9.1CVSS9.1AI score0.01713EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/12/06 11:30 p.m.2 views

zookeeper: Authorization Bypass in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 2:49 p.m.30 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache ZooKeeper

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache ZooKeeper. Vulnerability Details CVEID: CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer...

9.1CVSS6.8AI score0.01713EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.42 views

Debian DSA-5544-1 : zookeeper - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5544 advisory. Damien Diederen discovered that SASL quorum peer authentication within Zookeeper, a service for maintaining configuration information, was insufficiently enforced in...

9.1CVSS6.8AI score0.01713EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2023/11/01 12:0 a.m.31 views

Debian: Security Advisory (DSA-5544-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS9.5AI score0.01713EPSS
Exploits0References4
Debian
Debian
added 2023/10/31 7:29 p.m.55 views

[SECURITY] [DSA 5544-1] zookeeper security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5544-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 31, 2023 https://www.debian.org/security/faq -...

9.1CVSS6.9AI score0.01713EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.30 views

Debian dla-3624 : libzookeeper-java - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3624 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3624-1 [email protected] https://www.debian.org/lts/security/...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.44 views

Apache ZooKeeper 3.7.x < 3.7.2, 3.8.x < 3.8.3, 3.9.x < 3.9.1 Authorization Bypass

The version of Apache ZooKeeper listening on the remote host is prior to 3.7.2, 3.8.x prior to 3.8.3 or 3.9.x prior to 3.9.1. It is, therefore, affected by the following: - Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References2
OSV
OSV
added 2023/10/19 6:29 a.m.46 views

BIT-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS7AI score0.01713EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/17 12:0 a.m.6 views

The vulnerability of the SASL Quorum Peer authentication function in the centralized service for supporting configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper allows attackers to circumvent security restrictions and gain read, modify, or delete access to data.

The vulnerability of the SASL Quorum Peer authentication function in the centralized service for supporting configuration information, naming, distributed synchronization, and providing group services via Apache ZooKeeper is related to the ability to bypass authentication by using a user-controll...

5.5CVSS6.6AI score0.01713EPSS
Exploits0References5Affected Software2
RedhatCVE
RedhatCVE
added 2023/10/12 1:13 a.m.38 views

CVE-2023-44981

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1CVSS9AI score0.01713EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/10/11 12:30 p.m.37 views

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS9.2AI score0.01713EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2023/10/11 12:15 p.m.27 views

CVE-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS9.3AI score0.01713EPSS
Exploits0References5
Rows per page
Query Builder