| Description: | No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. It was discovered that Apache Zookeeper incorrectly handled clusters. An attacker could possibly use this issue to obtain sensitive information.
|