CVE-2018-8012: Missing Authorization

May 21, 2018 (updated October 3, 2019)

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

References

www.securityfocus.com/bid/104253
www.securitytracker.com/id/1040948
nvd.nist.gov/vuln/detail/CVE-2018-8012

Detect and mitigate CVE-2018-8012 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →