GHSA-ccqf-c5hq-77mp

Suggest an improvement
Source
https://github.com/advisories/GHSA-ccqf-c5hq-77mp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-ccqf-c5hq-77mp/GHSA-ccqf-c5hq-77mp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-ccqf-c5hq-77mp
Aliases
Published
2022-05-13T01:05:57Z
Modified
2023-11-08T04:00:23.872615Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Missing Authorization in Apache ZooKeeper
Details

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

References

Affected packages

Maven / org.apache.zookeeper:zookeeper

Package

Name
org.apache.zookeeper:zookeeper
View open source insights on deps.dev
Purl
pkg:maven/org.apache.zookeeper/zookeeper

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.10

Affected versions

3.*

3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9

Database specific

{
    "last_known_affected_version_range": "<= 3.4.9"
}

Maven / org.apache.zookeeper:zookeeper

Package

Name
org.apache.zookeeper:zookeeper
View open source insights on deps.dev
Purl
pkg:maven/org.apache.zookeeper/zookeeper

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.5.0-alpha
Fixed
3.5.4-beta

Affected versions

3.*

3.5.0-alpha
3.5.1-alpha
3.5.2-alpha
3.5.3-beta

Database specific

{
    "last_known_affected_version_range": "<= 3.5.3-beta"
}