Lucene search
ApacheCVELIST:CVE-2023-30601HistoryMay 30, 2023 - 7:25 a.m.
CVE-2023-30601 Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
2023-05-3007:25:49
CWE-269
apache
raw.githubusercontent.com
1
apache cassandra
privilege escalation
fql
audit logs
jmx access
upgrade
mitigation
vulnerability
Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra
This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.
WORKAROUND
The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.
MITIGATION
Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration propertyΒ allow_nodetool_archive_command as false.
Related
ibm
ibm
veracode
veracode
Privilege Escalation
2023-06-06 04:48:20
osv
osv
BIT-cassandra-2023-30601
2024-03-06 10:50:45
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
2023-07-06 21:15:06
prion
prion
Privilege escalation
2023-05-30 08:15:00
github
github
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
2023-07-06 21:15:06
nessus
nessus
Apache Cassandra 4.0.x < 4.0.10 / 4.1.x < 4.1.2 Privilege Escalation
2023-09-20 00:00:00
cve
cve
CVE-2023-30601
2023-05-30 08:15:10
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0404
2023-06-07 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0020
2023-06-07 00:00:00