Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Adjacent ZooKeeper port reachability (AV:A), no auth thanks to hard-coded secret (PR:N), low complexity, and scope change because cluster-wide replicated commands affect all peers.
Primary rating from Vendor (LY-Corporation).
CVSS VectorVendor: LY-Corporation
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster.
AnalysisAI
Cluster-wide remote code execution in LY Corporation's centraldogma-server prior to 0.84.0 occurs when ZooKeeper replication is enabled without explicitly configuring replication.secret, causing the embedded ZooKeeper ensemble to authenticate using a hard-coded, publicly known fallback credential. An adjacent attacker with network reachability to the replication ports can read the entire replication log or join the quorum to issue arbitrary replicated commands. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) the target centraldogma-server to be running a version prior to 0.84.0 with ZooKeeper replication enabled, (2) the operator to have failed to set the replication.secret configuration property - which triggers the silent fallback to the hard-coded value, and (3) the attacker to have adjacent-network reachability (CVSS AV:A) to the embedded ZooKeeper ensemble ports on a cluster node. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector AV:A/AC:L/AT:N/PR:N/UI:N with VC:H/VI:H/VA:H and subsequent-system SC:H/SI:H/SA:H produces a 9.4 score, reflecting an adjacent-network, unauthenticated path to full compromise of every node in the cluster - a realistic rating given the hard-coded secret. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who gains a foothold on the same network segment as a Central Dogma cluster (for example, a compromised CI runner or neighboring container) scans for the ZooKeeper replication ports and connects using the publicly known hard-coded secret. Once authenticated to the ensemble they either passively stream the replication log to harvest configuration secrets stored in Central Dogma, or actively join the quorum and submit replicated commands that propagate malicious configuration to every consuming application. … |
| Remediation | Vendor-released patch: Central Dogma 0.84.0 - upgrade centraldogma-server to 0.84.0 or later, which removes the silent fallback to the hard-coded secret. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all centraldogma-server deployments with ZooKeeper replication enabled; implement network firewall rules restricting access to replication ports (2181, 2888, 3888) to authorized internal hosts only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Central Dogma
View allMan-in-the-middle attacks against LY Corporation's Central Dogma server can compromise mirrored Git repositories in vers
Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the a
LDAP injection in Central Dogma's Apache Shiro-based authentication module exposes unauthenticated remote attackers to a
Central Dogma versions before 0.78.0 contain an Open Redirect vulnerability that allows attackers to redirect users to u
Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of
Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web scr
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38207