Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
CVE-2023-44981

9.1 CRITICAL

Key Information:

Vendor: Apache
CVE Published: 11 October 2023

Summary

An authorization bypass vulnerability exists in Apache ZooKeeper when SASL Quorum Peer authentication is enabled. The vulnerability allows an arbitrary endpoint to join the ZooKeeper cluster by exploiting the optional instance part in the SASL authentication ID. If this part is omitted, the authorization check is effectively bypassed, granting the unauthorized entity the ability to propagate fake changes to the leader and gain complete read-write access to the data tree. This issue can be mitigated by updating to the latest versions or securing ensemble communication with firewall protections. Users are urged to review the documentation for proper cluster administration and to enhance security measures.
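The check pattern described in the summary, as an added example: a simplified Python model that is not ZooKeeper's own code, showing a host check that runs only when the instance part is present beside a fail-closed version. The function names, host names and sample IDs are constructed for illustration.

```python
import re

# Constructed sample data: hosts the ensemble trusts as quorum peers.
TRUSTED_HOSTS = {"zk1.example.internal", "zk2.example.internal", "zk3.example.internal"}


def split_auth_id(auth_id):
    """Split a Kerberos-style ID 'primary[/instance]@REALM' into its parts."""
    return [part for part in re.split(r"[/@]", auth_id) if part]


def authorize_lenient(auth_id, trusted_hosts=TRUSTED_HOSTS):
    """Flawed pattern: the host check runs only when an instance part exists."""
    parts = split_auth_id(auth_id)
    if len(parts) == 3:
        return parts[1] in trusted_hosts
    return True  # no instance part: the host check is silently skipped


def authorize_strict(auth_id, trusted_hosts=TRUSTED_HOSTS):
    """Fail closed: an ID without an instance part is never authorized."""
    parts = split_auth_id(auth_id)
    if len(parts) != 3:
        return False
    return parts[1] in trusted_hosts


def compare(auth_ids):
    """Return (id, lenient, strict) rows so disagreements are easy to spot."""
    return [(a, authorize_lenient(a), authorize_strict(a)) for a in auth_ids]


# Constructed sample authentication IDs.
SAMPLE_IDS = [
    "zkquorum/zk1.example.internal@EXAMPLE.INTERNAL",      # trusted peer
    "zkquorum/unknown.example.internal@EXAMPLE.INTERNAL",  # untrusted host
    "zkquorum@EXAMPLE.INTERNAL",                           # instance part omitted
]

if __name__ == "__main__":
    for auth_id, lenient, strict in compare(SAMPLE_IDS):
        flag = "  <-- check skipped" if lenient and not strict else ""
        print(f"{auth_id:52} lenient={lenient!s:5} strict={strict!s:5}{flag}")
```

The two functions agree on every ID that carries an instance part and differ only on the ID without one, which is the case the summary describes.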

Affected Version(s)

Apache ZooKeeper 3.9.0 < 3.9.1

Apache ZooKeeper 3.8.0 <= 3.8.2

Apache ZooKeeper 3.7.0 <= 3.7.1

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Damien Diederen