CVE-2023-44981— Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication

Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration.

N/A

通过用户控制密钥绕过授权机制

Apache ZooKeeper 安全漏洞

Apache Zookeeper是美国阿帕奇（Apache）基金会的一个软件项目，它能够为大型分布式计算提供开源的分布式配置服务、同步服务和命名注册等功能。 Apache ZooKeeper 3.9.1之前、3.8.3之前、3.7.2之前版本存在安全漏洞，该漏洞源于如果在 ZooKeeper 中启用了 SASL Quorum Peer 身份验证 (quorum.auth.enableSasl=true)，则通过验证 SASL 身份验证 ID 中的实例部分会在 Zoo 中列出来，SASL 身份验证 ID 中

N/A

N/A