Lucene search
GoogleOSV:BIT-CASSANDRA-2023-30601HistoryMar 06, 2024 - 10:50 a.m.
BIT-cassandra-2023-30601
2024-03-0610:50:45
Google
osv.dev
6
privilege escalation
apache cassandra
fql
audit logs
vulnerability
nodetool
jmx access
upgrade
Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache CassandraThis issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.WORKAROUNDThe vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.MITIGATIONUpgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration propertyΒ allow_nodetool_archive_command as false.
Related
ibm
ibm
veracode
veracode
Privilege Escalation
2023-06-06 04:48:20
cvelist
cvelist
prion
prion
Privilege escalation
2023-05-30 08:15:00
github
github
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
2023-07-06 21:15:06
nessus
nessus
Apache Cassandra 4.0.x < 4.0.10 / 4.1.x < 4.1.2 Privilege Escalation
2023-09-20 00:00:00
osv
osv
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
2023-07-06 21:15:06
cve
cve
CVE-2023-30601
2023-05-30 08:15:10
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0404
2023-06-07 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0020
2023-06-07 00:00:00
7.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.2%
Related for OSV:BIT-CASSANDRA-2023-30601