漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands
Vulnerability Description
Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be mitigated by disabling both commands (via admin.snapshot.enabled and admin.restore.enabled), disabling the whole AdminServer interface (via admin.enableServer), or ensuring that the root ACL does not provide open permissions. (Note that ZooKeeper ACLs are not recursive, so this does not impact operations on child nodes besides notifications from recursive watches.)
CVSS Information
N/A
Vulnerability Type
不充分权限或特权的处理不恰当
Vulnerability Title
Apache ZooKeeper 安全漏洞
Vulnerability Description
Apache Zookeeper是美国阿帕奇(Apache)基金会的一个软件项目,它能够为大型分布式计算提供开源的分布式配置服务、同步服务和命名注册等功能。 Apache ZooKeeper 3.9.0版本至3.9.4之前版本存在安全漏洞,该漏洞源于权限检查不当,可能导致授权客户端以不足权限运行快照和恢复命令。
CVSS Information
N/A
Vulnerability Type
N/A