A flaw was found in Apache ZooKeeper. A lack of permission checks while retrieving ACLs allows unsalted hash values to be disclosed for unauthenticated or unprivileged users.
Use an authentication method other than Digest (e.g. Kerberos) or upgrade to zookeeper 3.4.14 or later (3.5.5 or later if on the 3.5 branch). [<https://zookeeper.apache.org/security.html#CVE-2019-0201>]