BIT-zookeeper-2026-24308

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/zookeeper/BIT-zookeeper-2026-24308.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-zookeeper-2026-24308

Aliases

CVE-2026-24308
GHSA-crhr-qqj8-rpxc

Published

2026-03-10T08:52:17.946Z

Modified

2026-03-10T09:26:15.334790Z

Summary

Apache ZooKeeper: Sensitive information disclosure in client configuration handling

Details

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue. Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.

Database specific

{
    "severity": "Unknown",
    "cpes": [
        "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:maven:*:*"
    ]
}

References

Affected packages

Bitnami / zookeeper

Package

Name: zookeeper
Purl: pkg:bitnami/zookeeper

Affected ranges

Type: SEMVER
Events: Introduced

3.8.0

Fixed

3.8.6

Introduced

3.9.0

Fixed

3.9.5

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/zookeeper/BIT-zookeeper-2026-24308.json"