Cloudera Community
zuo
user rank
New Contributor

Re: How to deal the vulnerability of CVE-2019-0201...

by New Contributor in Support Questions
‎04-26-2021 05:54 PM
‎04-26-2021 05:54 PM
Hi Gangwar,     Thanks for your reply, we're using CDH6.3.2, it means that we can use Digest authentication to reduce the risk from this CVE? ... View more

How to deal the vulnerability of CVE-2019-0201 in ...

by New Contributor in Support Questions
‎04-25-2021 07:31 PM
‎04-25-2021 07:31 PM
Hello,     We're using Cloudera Manager 6.3.1 to deploy CDH6.3.2, and it componet of Zookeeper version is 3.4.5+cdh6.3.2. but we fond a vulnerability CVE-2019-0201 from https://www.cvedetails.com/cve/CVE-2019-0201/?q=CVE-2019-0201  (An issue is persent in Apache Zookeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string).     Now, i want to upgrade Zookeeper to deal this vulnerability in CDH6.3.2, but i don't kown what should i do. Should i use a independence Zookeeper-3.4.14 replace Zookeeper-3.4.5+cdh6.3.2?    Thank you in advance !     Best Regards !     Yushuo ... View more
Contact Me
Online
Offline
Last Visited
‎11-17-2022 02:30 AM
Community Statistics
Member Since ‎02-01-2021 06:31 PM
Last Visited ‎11-17-2022 02:30 AM
Posts 2