Apache ZooKeeper Security Update Advisory (CVE-2024-51504)

Nov 12 2024

Overview

An update has been released to address vulnerabilities in Apache ZooKeeper. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-51504

ZooKeeper version: 3.9.0

Resolved Vulnerabilities

A vulnerability exists that could bypass IP-based authentication and, in the default setting, allow an attacker to bypass authentication by forging the client IP via the X-Forwarded-For header (CVE-2024-51504)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-51504

ZooKeeper version: 3.9.3

Referenced Sites

[1] CVE-2024-51504 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-51504

[2] CVE-2024-51504: Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server

https://lists.apache.org/thread/b3qrmpkto5r6989qr61fw9y2x646kqlh

Apache ZooKeeper Security Update Advisory (CVE-2024-51504)

Microsoft Edge browser (130.0.6723.116) version security update advisory

Citrix Product Security Update Advisory (CVE-2024-8534)

Tags:

Microsoft Edge browser (130.0.6723.116) version security update advisory

Citrix Product Security Update Advisory (CVE-2024-8534)