CVSSv2: 4.3

CVE-2019-0201

Published: 23/05/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command does not check any permission when it retrieves the ACLs of the requested node, and it returns all information contained in the ACL Id field as a plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by a getACL() request from unauthenticated or unprivileged users.

Vulnerability Trend

Vulnerable Products

apache zookeeper 3.5.3

apache zookeeper 3.5.0

apache zookeeper

apache zookeeper 3.5.1

apache zookeeper 3.5.2

apache zookeeper 3.5.4

apache drill 1.16.0

apache activemq 5.15.9

debian debian linux 8.0

debian debian linux 9.0

redhat fuse 1.0.0

oracle goldengate stream analytics

oracle siebel core - server framework

oracle timesten in-memory database

netapp hci_bootstrap_os

netapp element software

Vendor Advisories

Debian Bug report logs - #929283 zookeeper: CVE-2019-0201: information disclosure vulnerability. Package: src:zookeeper; Maintainer for src:zookeeper is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 20 May 2019 20:06:01 UTC; Seve ...
Synopsis: Important: Red Hat JBoss Data Virtualization 6.4.8 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin ...
Synopsis: Important: Red Hat Fuse 7.5.0 security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.4 to 7.5) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security h ...
Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R14 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Harrison Neil discovered that the getACL() command in Zookeeper, a service for maintaining configuration information, did not validate permissions, which could result in information disclosure. For the stable distribution (stretch), this problem has been fixed in version 3.4.9-3+deb9u2. We recommend that you upgrade your zookeeper packages. For the ...
Impact: Important. Public Date: 2019-05-20. CWE: CWE-732. Bugzilla: 1715197: CVE-2019-0201 zookeeper: Info ...

Mailing Lists

oss-sec mailing list archives: [CVE-2019-0201] Information disclosure vulnerability in Apache ZooKeeper ...

Recent Articles

How much does Oracle love you? Thiiiis much: Latest patch bundle has 402 fixes
The Register • Gareth Corfield • 21 Oct 2020

How many times do you want to read the CVSS rating 9.8 today?

Oracle has released its final quarterly batch of patches for the year for security flaws in its products. The total this time? 402 fixes, the bulk of which are rated critical in terms of severity. In all, there are 230 CVE-listed bugs fixed across 27 Oracle products, according to Tenable, which noted Big Red's record is still July 2020 with more than 440 patches. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already rele...

References

CWE-862
https://zookeeper.apache.org/security.html#CVE-2019-0201
https://issues.apache.org/jira/browse/ZOOKEEPER-1392
http://www.securityfocus.com/bid/108427
https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html
https://www.debian.org/security/2019/dsa-4461
https://seclists.org/bugtraq/2019/Jun/13
https://security.netapp.com/advisory/ntap-20190619-0001/
https://access.redhat.com/errata/RHSA-2019:3140
https://access.redhat.com/errata/RHSA-2019:3892
https://access.redhat.com/errata/RHSA-2019:4352
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929283
https://nvd.nist.gov