219 matches found
EUVD-2023-38098
Malicious code in bioql PyPI...
ROS-20250923-06
A vulnerability in the Apache Cassandra distributed database management system is related to improper privilege handling. Exploitation of the vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information. impact the...
Privilege Defined With Unsafe Actions
org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...
CVE-2025-26467
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...
AZL-66698 CVE-2025-26467 affecting package cassandra 5.0.0-2
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...
CVE-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...
CVE-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...
Apache Cassandra 安全漏洞
Apache Cassandra is a distributed Nosql database from the Apache USA Foundation. A security vulnerability exists in Apache Cassandra versions 3.0.30, 3.11.17, 4.0.16, 4.1.7, and 5.0.2, which stems from an improperly defined privilege that could lead to elevation of privilege...
BIT-CASSANDRA-2024-27137 Apache Cassandra: unrestricted deserialization of JMX authentication credentials
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...
Apache Cassandra Authorization Issues Vulnerability
Apache Cassandra is a distributed Nosql database from the American Apache Apache Foundation. Apache Cassandra suffers from an authorization issue vulnerability that stems from the inclusion of an incorrect authorization, which can be exploited by an attacker to access a datacenter or IP/CIDR grou...
The vulnerability of the distributed database management system Apache Cassandra lies in its insecure handling of privileges, allowing attackers to elevate their own privileges.
The vulnerability of the distributed database management system Apache Cassandra lies in the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
GHSA-MRQP-Q7VX-V2CX Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC
Summary / Details Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.0-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited coul...
PT-2025-24459
Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 3.0.30 Apache Cassandra versions 3.11.17 Apache Cassandra versions 4.0.16 Apache Cassandra versions 4.1.7 Apache Cassandra versions 5.0.2 Description: A privilege escalation issue exists in Apache Cassandra where a...
BIT-CASSANDRA-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...
BIT-CASSANDRA-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...
Privilege Defined With Unsafe Actions
org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...
Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...
Apache Cassandra: unrestricted deserialization of JMX authentication credentials
In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...
Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...
GHSA-3CJF-FWCQ-XH22 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...