{"cve":{"cve_id":"CVE-2019-0201","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.09634,"epss_percentile":0.94862,"epss_as_of":"2026-06-23","description":"An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when it retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as a plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by a getACL() request to unauthenticated or unprivileged users.","published_at":"2019-05-23T13:42:47Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["http://www.securityfocus.com/bid/108427","https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html","https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E","https://www.debian.org/security/2019/dsa-4461","https://seclists.org/bugtraq/2019/Jun/13","https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:3140","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.
org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:4352","https://www.oracle.com/security-alerts/cpujul2020.html","https://issues.apache.org/jira/browse/ZOOKEEPER-1392","https://zookeeper.apache.org/security.html#CVE-2019-0201","https://security.netapp.com/advisory/ntap-20190619-0001/","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com//security-alerts/cpujul2021.html","https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:11:46.851919Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-zookeeper","product_name":"Apache ZooKeeper","version_start":"1.0.0 to 3.4.13","version_start_inclusive":true,"version_end":"1.0.0 to 3.4.13","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-zookeeper:1.0.0 to 3.4.13:1.0.0 to 3.4.13"},{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-zookeeper","product_name":"Apache ZooKeeper","version_start":"3.5.0-alpha to 
3.5.4-beta","version_start_inclusive":true,"version_end":"3.5.0-alpha to 3.5.4-beta","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-zookeeper:3.5.0-alpha to 3.5.4-beta:3.5.0-alpha to 3.5.4-beta"}],"exploit_refs":[],"news":[],"references":[{"url":"http://www.securityfocus.com/bid/108427","source_type":"MISC","tags":[]},{"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00033.html","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/f6112882e30a31992a79e0a8c31ac179e9d0de7c708de3a9258d4391%40%3Cissues.bookkeeper.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/5d9a1cf41a5880557bf680b7321b4ab9a4d206c601ffb15fef6f196a%40%3Ccommits.accumulo.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list","patch"]},{"url":"https://www.debian.org/security/2019/dsa-4461","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jun/13","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://access.redhat.com/errata/RHSA-2019:3140","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://access.redhat.com/errata/RHSA-
2019:3892","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:4352","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://issues.apache.org/jira/browse/ZOOKEEPER-1392","source_type":"MISC","tags":[]},{"url":"https://zookeeper.apache.org/security.html#CVE-2019-0201","source_type":"MISC","tags":[]},{"url":"https://security.netapp.com/advisory/ntap-20190619-0001/","source_type":"MISC","tags":[]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://lists.apache.org/thread.html/r40f32125c1d97ad82404cc918171d9e0fcf78e534256674e9da1eb4b%40%3Ccommon-issues.hadoop.apache.org%3E","source_type":"MAILING_LIST","tags":["mailing-list"]}],"timeline":[{"type":"published","at":"2019-05-23T13:42:47Z","label":"CVE published","source":null}]}