Description

Apache ZooKeeper is an effort to develop and maintain an open-source server which enables highly reliable distributed coordination.

Apache ZooKeeper is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have Apache ZooKeeper service publicly accessible.

Remediation

It's recommended to restrict access to this service in production systems.

References

ZooKeeper Security

Related Vulnerabilities

PHP register_globals Is Enabled

Sitecore Arbitrary File Read (CVE-2024-46938)

WordPress admin accessible without HTTP authentication

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4581)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-14641)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration