Cyber Resilience

CVE-2023-44981

Critical

Published: 11 October 2023

Published
11 October 2023
Modified
23 April 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0003 7.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-44981 is a critical-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Apache Zookeeper. Its CVSS base score is 9.1 (Critical).

Operationally, ranked at the 7.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The…

more

instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apache
zookeeper
3.9.0 · ≤ 3.7.2 · 3.8.0 — 3.8.3
debian
debian linux
10.0, 11.0, 12.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-639

Per-request decision making makes it harder to bypass authorization using user-controlled keys without proper validation in the decision process.

addresses: CWE-639

Consistent enforcement of approved authorizations makes bypassing via user-controlled keys ineffective.

References