CVE-2024-23944: Apache ZooKeeper: Information disclosure in persistent watcher handling


Open Source Security

Posted by Andor Molnar on Mar 14

Severity: critical

Affected versions:

– Apache ZooKeeper 3.9.0 through 3.9.1
– Apache ZooKeeper 3.8.0 through 3.8.3
– Apache ZooKeeper 3.6.0 through 3.7.2

Description:

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an
attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker
already has access to. ZooKeeper server…
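
For triaging an inventory against the affected ranges listed above, here is an added example (not part of the advisory and not ZooKeeper project code). The host names and banner strings are constructed, and the assumption is that each banner contains the server's dotted x.y.z version somewhere in the text, for example a version line copied from a server's status output.

```python
import re

# Affected ranges exactly as listed in the advisory (inclusive bounds).
AFFECTED = [
    ((3, 9, 0), (3, 9, 1)),
    ((3, 8, 0), (3, 8, 3)),
    ((3, 6, 0), (3, 7, 2)),  # one range spanning the 3.6.x and 3.7.x lines
]

# First dotted x.y.z triple in the text; build ids and -SNAPSHOT suffixes are ignored.
_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) or None when no version is present."""
    m = _VERSION.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """'affected', 'not-listed' (outside the advisory's ranges) or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # unparseable banners need manual follow-up
    for low, high in AFFECTED:
        if low <= version <= high:  # tuple comparison is component-wise
            return "affected"
    return "not-listed"


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed inventory; <build> and <date> are placeholders, not real values.
SAMPLE = {
    "zk-a": "Zookeeper version: 3.8.3-<build>, built on <date>",
    "zk-b": "3.7.2",
    "zk-c": "3.9.2",
    "zk-d": "3.6.4-SNAPSHOT",
    "zk-e": "version unavailable",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

"not-listed" means only that the version falls outside the ranges quoted above; hosts reported as "unknown" still need their version confirmed by hand.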
