CVE-2018-8012 in ZooKeeper

Summary

by MITRE

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.


Analysis

by VulDB Data Team • 01/11/2026

Apache ZooKeeper serves as a critical coordination service for distributed systems, managing configuration information, naming, providing distributed synchronization, and group services. The vulnerability identified as CVE-2018-8012 represents a fundamental flaw in the quorum joining mechanism that undermines the security model of the entire system. This weakness exists in versions prior to 3.4.10 and all 3.5.0-alpha through 3.5.3-beta releases, creating a significant attack surface where unauthorized entities can compromise cluster integrity.

The technical flaw manifests as a complete absence of authentication and authorization checks during the quorum joining process. When a server attempts to join an existing quorum, the system fails to verify the identity or legitimacy of the joining node. This design oversight allows any network endpoint to present itself as a legitimate member and successfully integrate into the cluster. The vulnerability maps directly to CWE-287, which addresses improper authentication issues, and specifically relates to the lack of proper access control mechanisms in distributed systems. Attackers can exploit this weakness by simply connecting to the cluster and initiating a quorum join request without any credential verification or authorization validation.

The operational impact of this vulnerability is severe and far-reaching within distributed environments that rely on ZooKeeper for coordination. An attacker who gains network access to the cluster can join the quorum and begin propagating false data to the leader node, potentially causing cascading failures throughout the distributed system. This capability enables man-in-the-middle attacks where malicious nodes can disrupt service availability, corrupt configuration data, or manipulate the consensus process that ZooKeeper fundamentally depends upon. The attacker can essentially become a trusted member of the cluster while simultaneously undermining the integrity of the distributed state management system.

The implications extend beyond simple unauthorized access to encompass complete system compromise. Since ZooKeeper is often used to coordinate critical distributed applications, an attacker who successfully joins the quorum can manipulate the entire distributed system's behavior. This includes the ability to prevent legitimate nodes from joining, manipulate leader election processes, or introduce malicious configuration changes that affect all applications relying on the cluster. The attack vector aligns with ATT&CK technique T1078 (Valid Accounts), as the attacker gains access through the legitimate joining mechanism but with malicious intent. Organizations using vulnerable versions of ZooKeeper should immediately implement mitigations, including upgrading to patched versions, implementing network segmentation, and establishing proper authentication mechanisms.

Mitigation strategies should focus on immediate version upgrades to 3.4.10 or later, or to a later 3.5.x release in which quorum authentication has been properly implemented. Network-level protections such as firewalls and access control lists should be deployed to restrict the quorum ports to trusted systems only. Additionally, organizations should implement monitoring to detect unauthorized quorum join attempts and establish robust auditing procedures for cluster membership changes. The vulnerability highlights the critical importance of implementing proper access controls even in distributed systems where trust relationships are fundamental to operation, and serves as a reminder that distributed consensus mechanisms require rigorous security validation at every step of the process.
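As an added example (not VulDB's or Apache ZooKeeper's own code), the Python script below applies the two checks above to a single node: whether its version string falls in the affected ranges this entry lists, and whether its zoo.cfg enables the quorum-peer SASL authentication that the fixed releases provide. The configuration key names are taken from ZooKeeper's quorum authentication documentation; the two sample zoo.cfg texts are constructed for the example.

```python
"""Audit a ZooKeeper node for CVE-2018-8012 exposure: affected version range and
whether zoo.cfg enforces quorum-peer SASL auth (keys per ZooKeeper docs)."""
import re

def is_affected_version(version):
    """Before 3.4.10, or 3.5.0-alpha through 3.5.3-beta (3.5.x with patch <= 3)."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)(?:-[A-Za-z]+)?$", version.strip())
    if not m:
        raise ValueError("unrecognised ZooKeeper version: %r" % version)
    major, minor, patch = (int(x) for x in m.groups())
    if (major, minor, patch) < (3, 4, 10):
        return True
    return (major, minor) == (3, 5) and patch <= 3

def parse_zoo_cfg(text):
    """Parse the key=value lines of a zoo.cfg, ignoring '#' comments."""
    pairs = (l.split("#", 1)[0].split("=", 1) for l in text.splitlines())
    return {k.strip(): v.strip() for k, v in (p for p in pairs if len(p) == 2)}

def quorum_auth_findings(cfg):
    """Empty list means peers must authenticate in both directions to join."""
    enabled = lambda key: cfg.get(key, "false").lower() == "true"
    if not enabled("quorum.auth.enableSasl"):
        return ["quorum.auth.enableSasl is not true: quorum peers never authenticate"]
    findings = []
    if not enabled("quorum.auth.serverRequireSasl"):
        findings.append("quorum.auth.serverRequireSasl is not true: leader accepts learners that skip SASL")
    if not enabled("quorum.auth.learnerRequireSasl"):
        findings.append("quorum.auth.learnerRequireSasl is not true: learners may connect without authenticating")
    return findings

def audit(version, cfg_text):
    """Run both checks; an empty list means nothing to fix."""
    findings = []
    if is_affected_version(version):
        findings.append("version %s is in an affected range; upgrade first" % version)
    findings.extend(quorum_auth_findings(parse_zoo_cfg(cfg_text)))
    return findings

# Constructed sample zoo.cfg texts: defaults leave quorum auth off; the fixed
# releases add the three keys below, and all three are needed for enforcement.
WEAK_CFG = """tickTime=2000
server.1=zk1.example.internal:2888:3888
server.2=zk2.example.internal:2888:3888
"""
HARDENED_CFG = WEAK_CFG + """quorum.auth.enableSasl=true
quorum.auth.learnerRequireSasl=true
quorum.auth.serverRequireSasl=true
"""
```

Note that the SASL keys only take effect on a release that implements quorum authentication, so the version check comes first: on an affected build the hardened configuration changes nothing.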

Reservation

03/09/2018

Disclosure

05/21/2018

Moderation

accepted

CPE

ready

EPSS

0.00582

KEV

no

Activities

very low

Sources
