CNNVD-202509-3884 Information
CNNVD ID
CNNVD-202509-3884
Related CVE
- CNNVD Published: 2025-09-24
Description (Chinese)
Apache Zookeeper是美国阿帕奇(Apache)基金会的一个软件项目,它能够为大型分布式计算提供开源的分布式配置服务、同步服务和命名注册等功能。 Apache ZooKeeper 3.9.0版本至3.9.4之前版本存在安全漏洞,该漏洞源于权限检查不当,可能导致授权客户端以不足权限运行快照和恢复命令。
Description (English)
Apache Zookeeper, a software project of the Apache Foundation in the United States, is able to provide open-source distributed configuration services, synchronized services and naming registration for large-scale distributed computing. There is a security loophole between Appache ZooKeeper, version 3.9.0, and previous versions of 3.9.4. This loophole stems from inappropriate authority checks, which may lead to the authorization of clients to run snapshots and restore commands with inadequate privileges.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Apache Friends
Published
2025-09-24
Last Modified
2026-02-24
References
https://lists.apache.org/thread/r5yol0kkhx2fzw22pxk1ozwm3oc6yxrx
Patch
https://zookeeper.apache.org/releases.html
Share on: