2 matches found
CVE-2023-44981
CVE-2023-44981 (Apache ZooKeeper): Authorization bypass through a user-controlled SASL ID when quorum peer authentication is enabled (quorum.auth.enableSasl=true). If the instance part of the SASL ID is missing (e.g., [email protected]), authorization checks are skipped, allowing an arbitrary endp...
CVE-2018-8012
CVE-2018-8012 affects Apache ZooKeeper: no authentication/authorization is enforced when a server attempts to join a quorum (before 3.4.10 and 3.5.0-alpha to 3.5.3-beta). This allows an arbitrary endpoint to join the cluster and propagate counterfeit changes to the leader. IBM and related advisor...