CVE-2018-8012

Summary

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache ZooKeeperApache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-betaaffected

Weaknesses

  • Gain Privilege

ADP Enrichment

CVE Program Container

Additional References

References