#VU83312 Authorization bypass through user-controlled key in ZooKeeper - CVE-2023-44981
Vulnerability identifier: #VU83312
Vulnerability risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-639
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
ZooKeeper
Server applications /
Database software
Vendor: Apache Foundation
Description
The vulnerability allows a remote attacker to bypass authorization process.
The vulnerability exists due to improper implementation of SASL Quorum Peer authentication. The instance part in SASL authentication ID, which is listed in zoo.cfg server
list, is optional and if it's missing,
the authorization check will be skipped. As a
result an arbitrary endpoint could join the cluster and begin
propagating counterfeit changes to the leader, essentially giving it
complete read-write access to the data tree.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
ZooKeeper: 3.0.0 - 3.9.0
External links
https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b
https://www.openwall.com/lists/oss-security/2023/10/11/4
https://lists.debian.org/debian-lts-announce/2023/10/msg00029.html
https://www.debian.org/security/2023/dsa-5544
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
