VYPR
High severity7.5NVD Advisory· Published May 21, 2018· Updated Jun 17, 2026

CVE-2018-8012

CVE-2018-8012

Description

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.zookeeper:zookeeperMaven
< 3.4.103.4.10
org.apache.zookeeper:zookeeperMaven
>= 3.5.0-alpha, < 3.5.4-beta3.5.4-beta

Affected products

2

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.