#VU83312 Authorization bypass through user-controlled key in ZooKeeper - CVE-2023-44981
Published: November 20, 2023
Vulnerability identifier: #VU83312
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-44981
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ZooKeeper
ZooKeeper
Software vendor:
Apache Foundation
Apache Foundation
Description
The vulnerability allows a remote attacker to bypass authorization process.
The vulnerability exists due to improper implementation of SASL Quorum Peer authentication. The instance part in SASL authentication ID, which is listed in zoo.cfg server
list, is optional and if it's missing,
the authorization check will be skipped. As a
result an arbitrary endpoint could join the cluster and begin
propagating counterfeit changes to the leader, essentially giving it
complete read-write access to the data tree.
Remediation
Install updates from vendor's website.