ubuntucve | Ubuntu.com | UB:CVE-2018-8012
History: May 21, 2018 - 12:00 a.m.

CVE-2018-8012


CVSS2: 5
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 7.5
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: HIGH
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.004
  Percentile: 74.0%

No authentication/authorization is enforced when a server attempts to join
a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through
3.5.3-beta. As a result an arbitrary end point could join the cluster and
begin propagating counterfeit changes to the leader.

Bugs

Notes

Author: msalvatore
Note: Debian notes that for wheezy (3.4.5) the “changes are too intrusive to backport”

Affected package

OS: ubuntu
Version: 16.04
Architecture: noarch
Package: zookeeper
Version: < 3.4.8-1ubuntu0.1~esm1
Filename: UNKNOWN
