CVE-2023-44981

Summary

CVE-2023-44981 is a vulnerability affecting Apache ZooKeeper, an open-source service used for maintaining configuration information, providing distributed synchronization, and providing a means of maintaining application consistency. If Quorum Peer authentication with SASL is enabled in ZooKeeper, an attacker can bypass authorization checks by omitting the instance part in their SASL authentication ID. This allows an arbitrary endpoint to join the cluster, ultimately gaining complete read-write access to the data tree. It's essential to note that Quorum Peer authentication is not the default setting. To mitigate this vulnerability, it's recommended that users upgrade to Apache ZooKeeper versions 3.9.1, 3.8.3, or 3.7.2, which address the issue. Alternatively, protecting ensemble election and quorum communication with a firewall can help prevent unauthorized access. Proper cluster administration practices, as outlined in the documentation, should also be followed to maintain security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.