CVE-2018-8012 vulnerability in Apache and Other Products
Published on May 21, 2018

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

Vendor Advisory NVD

Products Associated with CVE-2018-8012

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-8012 are published in these products:

Apache Zookeeper

Debian Linux

Oracle Goldengate Stream Analytics

Affected Versions

Apache Software Foundation Apache ZooKeeper Version Apache ZooKeeper prior to 3.4.10, Apache ZooKeeper 3.5.0-alpha through 3.5.3-beta is affected by CVE-2018-8012

Exploit Probability

EPSS

1.37%

Percentile

79.98%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-8012 vulnerability in Apache and Other ProductsPublished on May 21, 2018

Products Associated with CVE-2018-8012

Affected Versions

Exploit Probability

CVE-2018-8012 vulnerability in Apache and Other Products
Published on May 21, 2018