Authorization Bypass Through User-Controlled Key Affecting org.apache.zookeeper:zookeeper package, versions [,3.7.2) [3.8.0,3.8.3) [3.9.0,3.9.1)


Snyk CVSS

  • Attack Complexity: High
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Threat Intelligence

  • EPSS: 0.37% (73rd percentile)

NVD

  • 9.1 (critical)

  • Snyk ID SNYK-JAVA-ORGAPACHEZOOKEEPER-5961102
  • published 12 Oct 2023
  • disclosed 11 Oct 2023
  • credit Damien Diederen

How to fix?

Upgrade org.apache.zookeeper:zookeeper to version 3.7.2, 3.8.3, 3.9.1 or higher.

Overview

org.apache.zookeeper:zookeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key. When SASL Quorum Peer authentication is enabled (`quorum.auth.enableSasl=true`), an attacker can bypass the authorization check by omitting the instance part in the SASL authentication ID. This allows an arbitrary endpoint to join the cluster and propagate counterfeit changes to the leader, effectively granting it full read-write access to the data tree.

Note:

  1. This is only exploitable if quorum.auth.enableSasl=true is set in the configuration.

  2. Quorum Peer authentication is not enabled by default.
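To illustrate the failure mode described above, the following Python sketch (an added example, not ZooKeeper's own code) contrasts an authorization check that treats a principal without an instance part as unrestricted with one that requires the instance part and checks it against the quorum membership. The quorum hostnames, the `primary/instance@REALM` principal format and the function names are assumptions made for this illustration.

```python
import re
from typing import Optional

# Constructed quorum membership for this illustration: hosts permitted to join.
QUORUM_HOSTS = {"zk1.example.internal", "zk2.example.internal", "zk3.example.internal"}

# Kerberos-style principal: primary[/instance][@REALM]; the instance part carries the host.
PRINCIPAL_RE = re.compile(
    r"^(?P<primary>[^/@]+)(?:/(?P<instance>[^/@]+))?(?:@(?P<realm>[^/@]+))?$"
)


def instance_of(auth_id: str) -> Optional[str]:
    """Return the instance (host) part of the authentication ID, or None if it is absent."""
    m = PRINCIPAL_RE.match(auth_id)
    if m is None:
        raise ValueError(f"malformed authentication ID: {auth_id!r}")
    return m.group("instance")


def weak_authorize(auth_id: str, quorum_hosts=QUORUM_HOSTS) -> bool:
    """Illustrative weak check (a model of the advisory, not ZooKeeper's code): the host
    is only compared against the quorum when an instance part is present, so an ID that
    omits it is accepted on the strength of SASL authentication alone."""
    instance = instance_of(auth_id)
    if instance is None:
        return True  # the membership check is skipped: this is the bypass
    return instance.lower() in quorum_hosts


def hardened_authorize(auth_id: str, quorum_hosts=QUORUM_HOSTS) -> bool:
    """Hardened check: an instance part is mandatory and must name a quorum host."""
    instance = instance_of(auth_id)
    if instance is None:
        return False  # nothing to authorize against: reject instead of falling through
    return instance.lower() in quorum_hosts


if __name__ == "__main__":
    for auth_id in ("zookeeper/zk1.example.internal@EXAMPLE.COM",
                    "zookeeper/rogue.example.internal@EXAMPLE.COM",
                    "zookeeper@EXAMPLE.COM"):
        print(f"{auth_id:48} weak={weak_authorize(auth_id)!s:5} "
              f"hardened={hardened_authorize(auth_id)}")
```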