Authorization Bypass Through User-Controlled Key Affecting org.apache.zookeeper:zookeeper package, versions [,3.7.2) [3.8.0,3.8.3) [3.9.0,3.9.1)
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHEZOOKEEPER-5961102
- published 12 Oct 2023
- disclosed 11 Oct 2023
- credit Damien Diederen
Introduced: 11 Oct 2023
CVE-2023-44981 Open this link in a new tabHow to fix?
Upgrade org.apache.zookeeper:zookeeper to version 3.7.2, 3.8.3, 3.9.1 or higher.
Overview
org.apache.zookeeper:zookeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key when the SASL Quorum Peer authentication is enabled (`quorum.auth.enableSasl=true), an attacker can bypass the authorization check by omitting the instance part in the SASL authentication ID. This allows an arbitrary endpoint to join the cluster and propagate counterfeit changes to the leader, effectively granting it full read-write access to the data tree.
Note:
This is only exploitable if
quorum.auth.enableSasl=trueis set in the configuration.Quorum Peer authentication is not enabled by default.