PT-2023-6096 · Apache+3 · Apache Zookeeper+3
Damien Diederen · Published 2023-10-02 · Updated 2024-08-15
CVE-2023-44981
CVSS v3.1: 9.1 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Name of the Vulnerable Software and Affected Versions
Apache ZooKeeper versions prior to 3.7.2
Apache ZooKeeper versions prior to 3.8.3
Apache ZooKeeper versions prior to 3.9.1
Description
Apache ZooKeeper contains an Authorization Bypass Through User-Controlled Key vulnerability. When SASL Quorum Peer authentication is enabled, the authorization check can be skipped if the instance part in the SASL authentication ID is missing. This allows an arbitrary endpoint to join the cluster and propagate counterfeit changes to the leader, giving that endpoint complete read-write access to the data tree. Quorum Peer authentication is not enabled by default.
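The following added example is a simplified model of the check described above. It is not ZooKeeper's source code, and it places a fall-through version of the check beside a fail-closed one. It assumes Kerberos-style IDs of the form `primary/instance@REALM`; the function names, host names and sample IDs are constructed for illustration.

```python
# Simplified model of a quorum-peer authorization check (illustrative only;
# function names and sample IDs are constructed, not taken from ZooKeeper).
import re

def split_id(auth_id):
    """Split 'primary/instance@REALM' into (primary, instance, realm).
    instance is None when the ID has no '/instance' part."""
    m = re.fullmatch(r"([^/@]+)(?:/([^/@]+))?@([^/@]+)", auth_id)
    if not m:
        raise ValueError(f"malformed authentication ID: {auth_id!r}")
    return m.group(1), m.group(2), m.group(3)

def authorize_flawed(authn_id, authz_id, allowed_hosts):
    """Behaviour described in the advisory: the host check only runs when
    an instance part is present, so an ID without one is never checked."""
    if authn_id != authz_id:
        return False
    _, instance, _ = split_id(authz_id)
    if instance is not None:
        return instance in allowed_hosts
    return True  # flaw: missing instance falls through as authorized

def authorize_strict(authn_id, authz_id, allowed_hosts):
    """Fail closed: an ID that cannot be matched to a host is rejected."""
    if authn_id != authz_id:
        return False
    try:
        _, instance, _ = split_id(authz_id)
    except ValueError:
        return False
    return instance is not None and instance in allowed_hosts

# Constructed sample data: the ensemble's hosts and three authentication IDs.
ALLOWED = {"zk1.example.com", "zk2.example.com", "zk3.example.com"}
SAMPLES = [
    "zkquorum/zk1.example.com@EXAMPLE.COM",    # ensemble member
    "zkquorum/other.example.com@EXAMPLE.COM",  # host not in the ensemble
    "someuser@EXAMPLE.COM",                    # no instance part
]

def compare(samples=SAMPLES, allowed=ALLOWED):
    """Return (id, flawed_result, strict_result) for each sample ID."""
    return [(s, authorize_flawed(s, s, allowed), authorize_strict(s, s, allowed))
            for s in samples]

if __name__ == "__main__":
    for auth_id, flawed, strict in compare():
        print(f"{auth_id:45} flawed={flawed!s:5} strict={strict}")
```

Only the third sample is decided differently by the two functions: the check that falls through accepts it, while the fail-closed check rejects any ID it cannot tie to an ensemble host.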
Recommendations
To resolve the issue, upgrade to version 3.7.2, 3.8.3, or 3.9.1, each of which fixes it.
Alternatively, to mitigate the issue, ensure that the ensemble election/quorum communication is protected by a firewall.
Fix
IDOR
Affected Products
Apache Zookeeper
Linuxmint
Red Os
Ubuntu