No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper prior to 3.4.10, and 3.5.0-alpha up to and including 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache zookeeper 3.5.3 |
||
apache zookeeper 3.5.0 |
||
apache zookeeper |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
oracle goldengate stream analytics |