Authorization Bypass Through User-Controlled Key Affecting org.apache.zookeeper:zookeeper package, versions [,3.7.2) [3.8.0,3.8.3) [3.9.0,3.9.1)


Severity

0.0
high
0
10

    Threat Intelligence

    EPSS
    0.37% (73rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-ORGAPACHEZOOKEEPER-5961102
  • published 12 Oct 2023
  • disclosed 11 Oct 2023
  • credit Damien Diederen

How to fix?

Upgrade org.apache.zookeeper:zookeeper to version 3.7.2, 3.8.3, 3.9.1 or higher.

Overview

org.apache.zookeeper:zookeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key when the SASL Quorum Peer authentication is enabled (`quorum.auth.enableSasl=true), an attacker can bypass the authorization check by omitting the instance part in the SASL authentication ID. This allows an arbitrary endpoint to join the cluster and propagate counterfeit changes to the leader, effectively granting it full read-write access to the data tree.

Note:

  1. This is only exploitable if quorum.auth.enableSasl=true is set in the configuration.

  2. Quorum Peer authentication is not enabled by default.

CVSS Scores

version 3.1
Expand this section

Snyk

8.1 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    High
  • Integrity (I)
    High
  • Availability (A)
    High
Expand this section

NVD

9.1 critical