Back to search
CVE-2018-8012
Published: May 21, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache ZooKeeper | affected Apache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-beta |
References
DSA-4214
vendor-advisory
x_refsource_DEBIAN
1040948
vdb-entry
x_refsource_SECTRACK
104253
vdb-entry
x_refsource_BID
[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html
mailing-list
x_refsource_MLIST
[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now