Critical Vulnerability Discovered in Apache ZooKeeper

A critical vulnerability has been identified in the Admin Server component of Apache ZooKeeper, potentially allowing attackers to gain unauthorized access to vulnerable systems. The vulnerability, registered as CVE-2024-51504 with a risk score of 9.1, lies in the IPAuthenticationProvider of the ZooKeeper Admin Server, which determines the client's IP address from the X-Forwarded-For HTTP header. Because that header is supplied by the requester, an attacker can spoof the IP address, bypass the IP-based authentication, and gain access to critical commands.
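
The pattern behind the flaw, as an added illustration in Python rather than ZooKeeper's own code: an IP allowlist check that resolves the client address from X-Forwarded-For unconditionally, beside a hardened resolver that trusts the header only when the TCP peer is a known reverse proxy and then reads it from the proxy-appended (right) end. The allowlist, proxy range and sample addresses are constructed.

```python
import ipaddress
from typing import Optional

# Constructed sample policy: which clients may run admin commands, and which
# reverse proxies are allowed to speak for a client via X-Forwarded-For.
ADMIN_ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.1.0/24")]


def _in_any(addr: str, networks: list) -> bool:
    """True if addr falls inside any listed network; raises ValueError if malformed."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def client_ip_vulnerable(remote_addr: str, xff: Optional[str]) -> str:
    """Flawed pattern: the header is trusted regardless of who sent the request,
    so the requester chooses the address that gets authorized."""
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_hardened(remote_addr: str, xff: Optional[str]) -> str:
    """Use the socket peer address unless that peer is a trusted proxy. If it is,
    walk X-Forwarded-For from the right and stop at the first non-proxy hop;
    anything further left was written by parties we do not trust."""
    if not xff or not _in_any(remote_addr, TRUSTED_PROXIES):
        return remote_addr
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not _in_any(hop, TRUSTED_PROXIES):
                return hop
        except ValueError:
            return remote_addr  # malformed hop: fall back to the socket address
    return remote_addr  # every hop was a proxy: nothing attributable to a client


def is_admin_authorized(remote_addr: str, xff: Optional[str], hardened: bool = True) -> bool:
    """Allowlist decision using either resolver; malformed input is never authorized."""
    resolver = client_ip_hardened if hardened else client_ip_vulnerable
    try:
        return _in_any(resolver(remote_addr, xff), ADMIN_ALLOWLIST)
    except ValueError:
        return False
```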

Exploiting this vulnerability could result in unauthorized access, execution of critical operations, data leakage, disruption of service stability, and compromise of ZooKeeper’s integrity. Versions of Apache ZooKeeper prior to 3.9.3 are affected, and the UAE Cyber Security Council strongly advises updating to Apache ZooKeeper version 3.9.3 or later to ensure system security. Please share this information with your partners and departments.
