We're using Cloudera Manager 6.3.1 to deploy CDH6.3.2, and it componet of Zookeeper version is 3.4.5+cdh6.3.2. but we fond a vulnerability CVE-2019-0201 from https://www.cvedetails.com/cve/CVE-2019-0201/?q=CVE-2019-0201
(An issue is persent in Apache Zookeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string).
Now, i want to upgrade Zookeeper to deal this vulnerability in CDH6.3.2, but i don't kown what should i do. Should i use a independence Zookeeper-3.4.14 replace Zookeeper- 3.4.5+cdh6.3.2?
Thank you in advance !
Best Regards !
... View more