Apache Software Foundation Cassandra 4.0.0 Release Candidate 2

CPE Details

Apache Software Foundation Cassandra 4.0.0 Release Candidate 2
apache
cassandra
4.0.0
2022-02-15
16h31 +00:00
2022-02-15
17h00 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:cassandra:4.0.0:rc2:*:*:*:*:*:*

Informations

Vendor

apache

Product

cassandra

Version

4.0.0

Update

rc2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-30601 2023-05-30 07h25 +00:00 Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.
7.8
High
CVE-2021-44521 2022-02-11 11h20 +00:00 When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
9.1
Critical