CVE-2023-44981

EPSS 0.03%
Published 11.10.2023 12:15:11
Last modified 23.04.2025 17:16:39
Source security@apache.org
Teams watchlist Login
Open Login

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default.

Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.

Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.

See the documentation for more details on correct cluster administration.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Zookeeper Version < 3.7.2

Apache ≫ Zookeeper Version >= 3.8.0 < 3.8.3

Apache ≫ Zookeeper Version3.9.0

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Debian ≫ Debian Linux Version12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.06

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://security.netapp.com/advisory/ntap-20240621-0007/

http://www.openwall.com/lists/oss-security/2023/10/11/4

Third Party Advisory

Mailing List

https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b

Vendor Advisory

Issue Tracking

https://lists.debian.org/debian-lts-announce/2023/10/msg00029.html

Mailing List

https://www.debian.org/security/2023/dsa-5544

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2023-44981

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-44981

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-44981

EUVD