ghsa-ccqf-c5hq-77mp
Vulnerability from github
Published
2022-05-13 01:05
Modified
2022-06-29 19:03
Severity ?
Summary
Missing Authorization in Apache ZooKeeper
Details
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 3.4.9" }, "package": { "ecosystem": "Maven", "name": "org.apache.zookeeper:zookeeper" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.4.10" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 3.5.3-beta" }, "package": { "ecosystem": "Maven", "name": "org.apache.zookeeper:zookeeper" }, "ranges": [ { "events": [ { "introduced": "3.5.0-alpha" }, { "fixed": "3.5.4-beta" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2018-8012" ], "database_specific": { "cwe_ids": [ "CWE-862" ], "github_reviewed": true, "github_reviewed_at": "2022-06-29T19:03:52Z", "nvd_published_at": "2018-05-21T19:29:00Z", "severity": "HIGH" }, "details": "No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.", "id": "GHSA-ccqf-c5hq-77mp", "modified": "2022-06-29T19:03:52Z", "published": "2022-05-13T01:05:57Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8012" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f@%3Coak-commits.jackrabbit.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r8f0d920805af93033c488af89104e2d682662bacfb8406db865d5e14@%3Cdev.jackrabbit.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc5bc4ddb0deabf8cfb69378cecee56fcdc76929bea9e6373cb863870@%3Cdev.jackrabbit.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/re3a4048e9515d4afea416df907a612ed384a16c57cf99e97ee4a12f2@%3Cdev.jackrabbit.apache.org%3E" }, { "type": "WEB", "url": "https://www.debian.org/security/2018/dsa-4214" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/104253" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1040948" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Missing Authorization in Apache ZooKeeper" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.