漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LY Corporation Central Dogma 信任管理问题漏洞
Vulnerability Description
LY Corporation Central Dogma是LY Corporation公司的一款消息队列中间件。 LY Corporation Central Dogma 0.84.0之前版本存在信任管理问题漏洞,该漏洞源于启用ZooKeeper复制而未设置replication.secret时,服务器会静默回退到硬编码的公开密钥,可能导致具有网络访问权限的攻击者读取完整复制日志或加入仲裁并执行任意复制命令。
CVSS Information
N/A
Vulnerability Type
N/A