Description
Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service (daemon outage), obtain sensitive information, or modify data via unspecified client traffic.
Remediation
References
http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCA+RK=_CFiTfQ2d0V+kuJx_y5izmYccaKjXaJ3V72KK7tbOhbkg%40mail.gmail.com%3E
http://www.securitytracker.com/id/1034365
http://www-01.ibm.com/support/docview.wss?uid=swg21969546
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
Related Vulnerabilities
CVE-2023-2585 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2023-30543 Vulnerability in npm package @web3-react/walletconnect
CVE-2022-34811 Vulnerability in maven package org.jenkins-ci.plugins:xpath-config-viewer
CVE-2023-24429 Vulnerability in maven package org.jenkins-ci.plugins:semantic-versioning-plugin
CVE-2021-31403 Vulnerability in maven package com.vaadin:vaadin-server