Fixed Issues in Zookeeper
Review the list of Zookeeper issues that are resolved in Cloudera Runtime 7.1.9 SP1.
- CDPD-67821: Information disclosure vulnerability in persistent watcher handling (CVE-2024-23944)
- Apache ZooKeeper has fixed an information disclosure vulnerability (CVE-2024-23944) caused by a missing ACL check in persistent watcher handling. Attackers may exploit this by attaching a persistent watcher to a parent znode, allowing them to monitor child znode's without ACL verification, exposing the full path of znodes. This path may contain sensitive information, like usernames or login IDs. The issue is fixed in ZOOKEEPER-4799.
Apache patch information
- ZOOKEEPER-4799