apk package
wolfi/kafka-bitnami-compat
pkg:apk/wolfi/kafka-bitnami-compat
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-23944 | — | | | < 3.7.0-r2 | 3.7.0-r2 | Mar 15, 2024 | Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't d |
| CVE-2023-44981 | — | | | < 3.6.0-r4 | 3.6.0-r4 | Oct 11, 2023 | Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.c |
| CVE-2023-41900 | — | | | < 3.5.1-r2 | 3.5.1-r2 | Sep 15, 2023 | Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenti |
| CVE-2023-35116 | — | | | < 0 | 0 | Jun 14, 2023 | jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cycli |