Apache Software Foundation Cassandra 4.0.0 Release Candidate 2

CPE Details

Apache Software Foundation Cassandra 4.0.0 Release Candidate 2
apache
cassandra
4.0.0
2022-02-15
16h31 +00:00
2022-02-15
17h00 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:cassandra:4.0.0:rc2:*:*:*:*:*:*

Informations

Vendor

apache

Product

cassandra

Version

4.0.0

Update

rc2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-30601 2023-05-30 07h25 +00:00 Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.
7.8
Haute
CVE-2021-44521 2022-02-11 11h20 +00:00 When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
9.1
Critique