CVE-2020-35211: An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node.
CVSS Score: 7.5 (CVSS v3.1)
Basic Information
CVE ID: CVE-2020-35211
GHSA ID:
EPSS Score: 0.46742%
CWE: -
Published: 12/17/2021
Updated: 2/1/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
---|---|---|---
io.atomix:atomix | maven | <= 3.1.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability centers around improper handling of Raft consensus terms in RaftContext. This is based on:

1) The explicit reference to term manipulation in RaftContext in the CVE description
2) Raft protocol mechanics, where leadership is determined by term numbers
3) Standard Raft implementation patterns showing term management in RaftContext
4) Leader election being handled via AppendEntries RPCs
5) The high severity score, indicating protocol-level authentication flaws

These functions likely lack proper validation of node authorization when processing term updates and leadership claims.