Improper authorization control for web services in org.apache.zookeeper:zookeeper
Description
Missing Authorization in Apache ZooKeeper

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result, an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| maven | | | 3.4.10, 3.5.4-beta |
| debian 13 | | | 3.4.10-2 |
| debian 14 | | | 3.4.10-2 |
| debian 11 | | | 3.4.10-2 |
| debian 12 | | | 3.4.10-2 |