
CVSS: 9.1 | EPSS: 1% | CPEs: 6 | EXPL: 0

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), authorization is done by verifying that the instance part of the SASL authentication ID is listed in the zoo.cfg server list. The instance part of the SASL auth ID is optional, and if it is missing, as in 'eve@EXAMPLE.COM', the authorization check is skipped. As a result, an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, or 3.7.2, which fix the issue. Alternatively, ensure the ensemble election/quorum communication is protected by a firewall, as this will mitigate the issue. See the documentation for more details on correct cluster administration.

• http://www.openwall.com/lists/oss-security/2023/10/11/4
• https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b
• https://lists.debian.org/debian-lts-announce/2023/10/msg00029.html
• https://security.netapp.com/advisory/ntap-20240621-0007
• https://www.debian.org/security/2023/dsa-5544
• https://access.redhat.com/security/cve/CVE-2023-44981
• https://bugzilla.redhat.com/show_bug.cgi?id=2243436

CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 5.9 | EPSS: 16% | CPEs: 8 | EXPL: 0

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec`, and is then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1, this may result in request smuggling.

• https://github.com/Netflix/zuul/pull/980
• https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4
• https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
• https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E
• https://lists.apache.org/thread.html/r040a5e4d9cca2f98354b58a70b27099672276f66995c4e2e39545d0b%40%3Cissues.hbase.apache.org%3E
• https://lists.apache.org/thread.html/r04a3e0d9f53421fb946c60cc54762b7151dc692eb4e39970a7579052%40%3Ccommits.servicecomb.apache.org

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 7.5 | EPSS: 0% | CPEs: 31 | EXPL: 0

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when it retrieves the ACLs of the requested node, and it returns all information contained in the ACL Id field as a plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by a getACL() request to unauthenticated or unprivileged users.

• http://www.securityfocus.com/bid/108427
• https://access.redhat.com/errata/RHSA-2019:3140
• https://access.redhat.com/errata/RHSA-2019:3892
• https://access.redhat.com/errata/RHSA-2019:4352
• https://issues.apache.org/jira/browse/ZOOKEEPER-1392
• https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
• https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
• https://lists.apache.org/thread.html&#x

CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-862: Missing Authorization

CVSS: 7.5 | EPSS: 0% | CPEs: 7 | EXPL: 0

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result, an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader.

• http://www.securityfocus.com/bid/104253
• http://www.securitytracker.com/id/1040948
• https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
• https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
• https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393%40%3Cdev.zookeeper.apache.org%3E
• https://lists.apache.org/thread.html/r73daf1fc5d85677d9a854707e1908d14e174b7bbb0c603709c0ab33f%40%3Coak-commits.jackrabb

CWE-862: Missing Authorization

CVSS: 7.5 | EPSS: 4% | CPEs: 14 | EXPL: 1

Two four-letter-word commands, "wchp/wchc", are CPU intensive and could cause a spike in CPU utilization on an Apache ZooKeeper server if abused, leaving the server unable to serve legitimate client requests. Apache ZooKeeper through versions 3.4.9 and 3.5.2 suffers from this issue, which is fixed in 3.4.10, 3.5.3, and later. A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests.

• https://www.exploit-db.com/exploits/42294
• http://www.debian.org/security/2017/dsa-3871
• http://www.securityfocus.com/bid/98814
• https://access.redhat.com/errata/RHSA-2017:2477
• https://access.redhat.com/errata/RHSA-2017:3354
• https://access.redhat.com/errata/RHSA-2017:3355
• https://issues.apache.org/jira/browse/ZOOKEEPER-2693
• https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
• https://lists.apache.org/thread.html/58170aeb7a681

CWE-20: Improper Input Validation
CWE-306: Missing Authentication for Critical Function
CWE-400: Uncontrolled Resource Consumption