Zookeeper@* Security Vulnerabilities and Issues — Zookeeper@* CVE List

Lucene search

ApacheZookeeper*

7 matches found

CVE•added 2024/03/15 11:15 a.m.•4320 views

CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

5.3CVSS6AI score0.00021EPSS

CVE•added 2023/10/11 12:15 p.m.•416 views

CVE-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS9.3AI score0.00025EPSS

CVE•added 2019/05/23 2:29 p.m.•188 views

CVE-2019-0201

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider ...

5.9CVSS5.8AI score0.00237EPSS

CVE•added 2017/10/10 1:30 a.m.•133 views

CVE-2017-5637

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5...

7.5CVSS7.4AI score0.22005EPSS

CVE•added 2018/05/21 7:29 p.m.•110 views

CVE-2018-8012

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

7.5CVSS7.3AI score0.0113EPSS

CVE•added 2024/11/07 10:15 a.m.•90 views

CVE-2024-51504

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which use...

9.1CVSS9.2AI score0.00306EPSS

CVE•added 2016/09/21 2:25 p.m.•82 views

CVE-2016-5017

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

8.1CVSS7.9AI score0.1058EPSS