
Search CVE reports



1 – 8 of 8 results


CVE-2024-51504

Medium priority
Needs evaluation

When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of...

1 affected packages

zookeeper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zookeeper Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2024-23944

Medium priority
Needs evaluation

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker...

1 affected packages

zookeeper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zookeeper Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-44981

Medium priority
Fixed

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance...

1 affected packages

zookeeper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zookeeper Fixed Fixed Fixed Not affected

CVE-2019-0201

Low priority

Some fixes available 2 of 5

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained...

1 affected packages

zookeeper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zookeeper Not affected Not affected Not affected Fixed

CVE-2018-8012

Medium priority

Some fixes available 1 of 2

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin...

1 affected packages

zookeeper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zookeeper Not affected Not affected Not affected Fixed

CVE-2017-5637

Medium priority

Some fixes available 2 of 5

Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru...

1 affected packages

zookeeper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zookeeper Not affected Not affected Not affected Fixed

CVE-2016-5017

Low priority

Some fixes available 2 of 6

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

1 affected packages

zookeeper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zookeeper Not affected Not affected Not affected Fixed

CVE-2014-0085

Medium priority
Ignored

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text...

1 affected packages

zookeeper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zookeeper Not affected Not affected Not affected Not affected