CVE-2023-44981: Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication

Open Source Security 

Posted by Andor Molnar on Oct 11

Severity: critical

Affected versions:

– Apache ZooKeeper 3.9.0
– Apache ZooKeeper 3.8.0 through 3.8.2
– Apache ZooKeeper 3.7.0 through 3.7.1
– Apache ZooKeeper before 3.7.0

Description:

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication
is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in
SASL authentication…
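
A way to check a deployment against the version list and the quorum.auth.enableSasl condition above, added here as an example (it is not part of the advisory or of the ZooKeeper project). The function names and the sample configuration text are constructed for illustration; a version outside the listed ranges is only "not listed on this page", not confirmed fixed.

```python
import re

# Affected ranges as listed in the advisory above (inclusive bounds).
AFFECTED_RANGES = [
    ((0, 0, 0), (3, 7, 1)),  # "before 3.7.0" and "3.7.0 through 3.7.1"
    ((3, 8, 0), (3, 8, 2)),  # "3.8.0 through 3.8.2"
    ((3, 9, 0), (3, 9, 0)),  # "3.9.0"
]

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CFG = """\
# quorum members
server.1=zk1.example.internal:2888:3888
server.2=zk2.example.internal:2888:3888
quorum.auth.enableSasl = TRUE
"""

def parse_version(text):
    """Return (major, minor, patch) from strings such as '3.8.2' or '3.8.2-SNAPSHOT'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def version_listed_affected(version):
    """True if the version falls inside one of the ranges listed in the advisory."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)

def quorum_sasl_enabled(cfg_text):
    """True if the properties text sets quorum.auth.enableSasl to true."""
    enabled = False
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m and m.group(1) == "quorum.auth.enableSasl":
            # Assumption: case-insensitive boolean; a later duplicate key overrides.
            enabled = m.group(2).strip().lower() == "true"
    return enabled

def needs_attention(version, cfg_text):
    """Both conditions from the advisory: listed version and SASL quorum auth on."""
    return version_listed_affected(version) and quorum_sasl_enabled(cfg_text)

if __name__ == "__main__":
    print(needs_attention("3.8.2", SAMPLE_CFG))
```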