ID CVE-2018-8012
Summary No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:zookeeper:3.5.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.1:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.1:rc4:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.2:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.2:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.2:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.3:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.3:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.5.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.4:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.4:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.5:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.5:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.6:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.6:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.7:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.7:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.8:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.8:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.9:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.9:rc0:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:zookeeper:3.4.9:rc2:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:goldengate_stream_analytics:-:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 14-09-2021 - 12:13)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 104253
debian DSA-4214
misc
mlist
  • [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar
  • [nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html
  • [nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html
sectrack 1040948
Last major update 14-09-2021 - 12:13
Published 21-05-2018 - 19:29
Last modified 14-09-2021 - 12:13