8 matches found
From Consensus to Chaos: A Vulnerability Assessment of the RAFT Algorithm
In recent decades, the RAFT distributed consensus algorithm has become a main pillar of the distributed systems ecosystem, ensuring data consistency and fault tolerance across multiple nodes. Although RAFT is well known for its simplicity, reliability, and efficiency, its security...
Linux Distros Unpatched Vulnerability : CVE-2020-15106
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file a...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the raft server protocol. An attacker can access sensitive server resources, including directories and files, by sending unauthenticated requests. Remediatio...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the raft server protocol. An attacker can access sensitive server resources, including directories and files, by sending unauthenticated requests. Remediatio...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the raft server protocol. An attacker can access sensitive server resources, including directories and files, by sending unauthenticated requests. Remediatio...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: org.apache.zeppelin:zeppelin-server is a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more. Affected versions of this package are vulnerable to Exposure of Sensitive System...
CVE-2024-41169 Apache Zeppelin: raft directory listing and file read
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...
GHSA-MF27-WG66-M8F5 A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.
A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages...