Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:45909
HistoryMar 18, 2024 - 7:08 a.m.

Sensitive Information Disclosure

2024-03-1807:08:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
sensitive information disclosure
acl checks
child znodes
persistent watcher
access control

AI Score

6.7

Confidence

High

EPSS

0

Percentile

9.0%

JSON

Apache ZooKeeper is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing ACL checks in the persistent watcher feature. An attackers can monitor child znodes by attaching a persistent watcher to a parent node they already have access to. When the persistent watcher is triggered, ZooKeeper server doesn’t perform ACL check, exposing the full path of znodes to the watcher’s owner.

Related

osv 7
ibm 11
vulnrichment 1
cgr 1
debiancve 1
ubuntucve 1
github 1
nessus 2
cvelist 1
wolfi 1
nvd 1
cve 1
redos 1
redhat 1
oracle 1
osv
osv
CGA-h562-6hp9-9x2q
2024-06-06 12:27:37
CGA-mrr6-55fr-72mh
2024-06-06 12:28:34
CGA-rgr4-3vcx-cj8x
2024-06-06 12:29:19
ibm
ibm
Security Bulletin: IBM Watson Explorer affected by vulnerability in Apache ZooKeeper.(CVE-2024-23944)
2024-06-20 06:47:46
Security Bulletin: Information disclosure in persistent watchers handling
2024-07-12 05:04:33
Security Bulletin: Vulnerabilities in Apache ZooKeeper affect IBM watsonx.data
2024-09-25 18:46:25
vulnrichment
vulnrichment
CVE-2024-23944 Apache ZooKeeper: Information disclosure in persistent watcher handling
2024-03-15 10:26:12
cgr
cgr
CVE-2024-23944 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2024-23944
2024-03-15 11:15:08
ubuntucve
ubuntucve
CVE-2024-23944
2024-03-15 00:00:00
github
github
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
2024-03-15 12:30:37
nessus
nessus
Apache ZooKeeper 3.6.x <= 3.7.2, 3.8.x < 3.8.4, 3.9.x < 3.9.2 Information Disclosure
2024-03-21 00:00:00
Oracle Primavera Unifier (Jul 2024 CPU)
2024-07-18 00:00:00
cvelist
cvelist
CVE-2024-23944 Apache ZooKeeper: Information disclosure in persistent watcher handling
2024-03-15 10:26:12
wolfi
wolfi
CVE-2024-23944 vulnerabilities
2024-09-27 21:56:47
nvd
nvd
CVE-2024-23944
2024-03-15 11:15:08
cve
cve
CVE-2024-23944
2024-03-15 11:15:08
redos
redos
ROS-20240815-05
2024-08-15 00:00:00
redhat
redhat
(RHSA-2024:6536) Moderate: Red Hat AMQ Streams 2.5.2 release and security update
2024-09-10 14:17:57
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00

AI Score

6.7

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for VERACODE:45909
osv7ibm11vulnrichment1cgr1debiancve1ubuntucve1github1nessus2cvelist1wolfi1nvd1cve1redos1redhat1oracle1