Lucene search
PRIOn knowledge basePRION:CVE-2023-30601HistoryMay 30, 2023 - 8:15 a.m.
Privilege escalation
2023-05-3008:15:00
PRIOn knowledge base
www.prio-n.com
5
apache cassandra
privilege escalation
vulnerability
fql
audit logs
jmx access
arbitrary commands
upgrade
mitigation
nodetool
Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra
This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.
WORKAROUND
The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.
MITIGATION
Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration propertyΒ allow_nodetool_archive_command as false.
Related
veracode
veracode
Privilege Escalation
2023-06-06 04:48:20
ibm
ibm
cvelist
cvelist
nvd
nvd
CVE-2023-30601
2023-05-30 08:15:10
github
github
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
2023-07-06 21:15:06
osv
osv
BIT-cassandra-2023-30601
2024-03-06 10:50:45
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
2023-07-06 21:15:06
nessus
nessus
Apache Cassandra 4.0.x < 4.0.10 / 4.1.x < 4.1.2 Privilege Escalation
2023-09-20 00:00:00
cve
cve
CVE-2023-30601
2023-05-30 08:15:10
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0404
2023-06-07 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0020
2023-06-07 00:00:00