CVE-2019-0201

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-0201
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-0201.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-0201
Aliases
Downstream
Related
Published
2019-05-23T14:29:07.517Z
Modified
2026-03-20T11:26:49.248294Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.

References

Affected packages

Git / github.com/apache/activemq

Affected ranges

Type
GIT
Repo
https://github.com/apache/activemq
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
855ba82071e0ce64d9b38cc610edfd38ed332cb3
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.15.9"
        }
    ]
}
Type
GIT
Repo
https://github.com/apache/zookeeper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2d71af4dbe22557fda74f9a9b4309b15a7487f03
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
22dd197a0327eef989feaf2109e5e7371624f743
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ab2aa27ff452a3c2331761854a9bf5a63e01954c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
59adfa23fb6c1b9034283d6fc09cd7a4a8e6e0b1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1ce2f9e1952004fc10924eb13c585c24d6523ba8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0014376a18ba46df973b06e85bcf6694b0fa91d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d2ff69d0a3100d42b153feda96a66f518c59347e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
28b0bd08f5ec95b4743f04963867180377378bd4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
75276c6dfc659765ec89dadffbc4b61a18b91a5f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3f572f0a3568ad21d7a1175ecde007b222c74cf4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
554ad8c4d79e5077961a964d7bee2b413b9ea0ea
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c8a224f4821e5201ba8816731c6b1a28582210f4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8ce24f9e675cbefffb8f21a47e06b42864475a60
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8ce24f9e675cbefffb8f21a47e06b42864475a60
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8ce24f9e675cbefffb8f21a47e06b42864475a60
Database specific 
{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "last_affected": "3.4.13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.0-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.1-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.1-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.1-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.1-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.1-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.1-rc4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.2-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.2-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.2-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.3-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.3-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.3-rc1"
        }
    ]
}

Affected versions

activemq-5.*
activemq-5.10.0
activemq-5.11.0
activemq-5.12.0
activemq-5.13.0
activemq-5.14.0
activemq-5.15.0
activemq-5.15.1
activemq-5.15.2
activemq-5.15.3
activemq-5.15.4
activemq-5.15.5
activemq-5.15.6
activemq-5.15.7
activemq-5.15.8
activemq-5.15.9
activemq-5.9.0
release-3.*
release-3.4.10
release-3.4.10-rc0
release-3.4.10-rc1
release-3.4.11
release-3.4.11-rc0
release-3.4.11-rc1
release-3.4.12
release-3.4.12-rc0
release-3.4.12-rc1
release-3.4.13
release-3.4.13-rc0
release-3.4.13-rc1
release-3.5.3
release-3.5.3-rc0
release-3.5.3-rc1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.16.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.5.0-alpha"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.5.1-alpha"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.5.2-alpha"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.5.3-beta"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.5.4-beta"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "19.1.0.0.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "21.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "18.1.3.1.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-0201.json"