Source: zookeeper
Severity: grave
Tags: security
Justification: user security hole

Hi.

It seems there is a grave permission issue in the zookeeper package, namely that /var/lib/zookeeper is created world-readable. Since ZK creates its files world-readable as well, any user on the system can extract any data stored with ZK, which can easily contain very sensitive information on the clustered system relying on ZK.

Cheers,
Chris.
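
A way to check a host for the condition reported above and to tighten the tree, added here as an example and not part of the original report or of the zookeeper package. The function names are hypothetical, and the default path is the one named in the report.

```shell
#!/bin/sh
# Added example: audit a ZooKeeper data directory for access by "other" users.
# Function names are hypothetical; the default path is the one in the report.

# List every entry under $1 (the directory itself included) that grants
# read, write or execute to "other". Symlinks are skipped: their own mode
# bits are always rwx and carry no meaning.
zk_world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Report exposed entries together with their mode string.
# Returns 0 if clean, 1 if anything is exposed, 2 if the path is unusable.
zk_audit() {
    dir=${1:-/var/lib/zookeeper}
    if [ ! -d "$dir" ]; then
        echo "zk_audit: $dir is not a directory" >&2
        return 2
    fi
    exposed=$(zk_world_accessible "$dir")
    if [ -z "$exposed" ]; then
        echo "OK $dir: no access for other users"
        return 0
    fi
    printf '%s\n' "$exposed" | while IFS= read -r path; do
        printf 'EXPOSED %s %s\n' "$(ls -ld "$path" | cut -d' ' -f1)" "$path"
    done
    return 1
}

# Remove all "other" permissions from the directory and everything below it.
# Owner and group bits are left untouched.
zk_restrict() {
    chmod -R o-rwx "$1"
}
```

Because ZK creates its files world-readable, a one-off `zk_restrict` does not cover files written later, so rerun `zk_audit` after the service has been active. Running the service with a restrictive umask such as 027 is one way to keep new files private; that setting is an assumption about the deployment, not something the report specifies.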