Apache Zookeeper-Default node accessible without ACL

Udgivelsesdato: Feb 12, 2025

Beskrivelse

Qualys security scanning software flagged Zookeeper on Tableau Server as having vulnerability QID-38780 - "Apache Zookeeper Common/Default Nodes Accessible Without ACL".

Cause

The Qualys vulnerability scanner flagged ZooKeeper on a Tableau Server node as "accessible without ACL". This is remedied by ensuring that the ZooKeeper ports are not accessible from computers that are not part of the Tableau Server cluster.

Løsning

In order to secure Tableau Server internal communications between nodes in a cluster, the cluster must be protected from external traffic using network security such as a firewall.

Tableau Server does not authenticate a new Zookeeper node when it joins a quorum, so Zookeeper ports need to be in the set of ports that are protected from external communication. The documents linked below address the hardening and configuration of those ports:

Tableau Server-Security Hardening:
https://help.tableau.com/current/server/en-us/security_harden.htm

Tableau Server-Ports:
https://help.tableau.com/current/server/en-us/ports.htm

Yderligere ressourcer

For additional information on Zookeeper security, please see the link below.

Apache Zookeeper
https://zookeeper.apache.org/security.html

Vidensartikelnummer

001534197

Løste denne artikel dit problem?

Giv os besked, så vi kan forbedre os!

Apache Zookeeper-Default node accessible without ACL

Cause

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List