Lucene search

29 matches found

OSV
added 2026/04/07 6:31 p.m. | 3 views

GHSA-QXPC-96FQ-WWMG Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are...

CVSS 8.8 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 6

vulnersOsv
added 2026/04/07 6:31 p.m. | 8 views

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.0 (=3.1.3), com.instaclustr:cassandra-4 (=1.0) +28 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.2)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =1.1.1 - com.instaclustr:ttl-remover-cassandra-4.0.0 =1.0 - com.netflix.priam:priam =4.0.0-alpha9 - com.netflix.priam:priam-cass-extensions =4.0.0-alpha9 - com.netflix.priam:priam-dse-extensions...

CVSS 6.5 | AI score 5.8 | EPSS 0.00533
Exploits: 0

vulnersOsv
added 2026/04/07 6:31 p.m. | 6 views

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.0 (=3.1.3), com.instaclustr:cassandra-4 (=1.0) +28 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.2)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =1.1.1 - com.instaclustr:ttl-remover-cassandra-4.0.0 =1.0 - com.netflix.priam:priam =4.0.0-alpha9 - com.netflix.priam:priam-cass-extensions =4.0.0-alpha9 - com.netflix.priam:priam-dse-extensions...

CVSS 6.5 | AI score 5.8 | EPSS 0.00533
Exploits: 0

Positive Technologies
added 2026/04/07 12:0 a.m. | 5 views

PT-2026-30916

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...

AI score 5.8 | EPSS 0.00533
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 10 views

EUVD-2022-2477

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.02289
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-2100

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.3 | EPSS 0.00324
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-25767

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.3 | EPSS 0.00469
Exploits: 0 | References: 3

OSV
added 2025/02/20 7:10 p.m. | 11 views

BIT-CASSANDRA-2024-27137 Apache Cassandra: unrestricted deserialization of JMX authentication credentials

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

CVSS 5.3 | AI score 5.4 | EPSS 0.00259
Exploits: 0 | References: 3

Vulnrichment
added 2025/02/13 3:44 p.m. | 8 views

CVE-2025-26511 Cassandra-Lucene-Index allows bypass of Cassandra RBAC

Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow...

CVSS 8.8 | AI score 7.2 | EPSS 0.00536
Exploits: 0 | References: 1

Veracode
added 2025/02/10 4:12 p.m. | 8 views

Man-In-The-Middle (MITM)

org.apache.cassandra:cassandra-all is vulnerable to a Man-In-The-Middle attack. The vulnerability is due to improper RMI registry protections due to the ability of a local attacker to manipulate the RMI registry, allowing them to capture JMX interface credentials and perform unauthorized operatio...

CVSS 5.3 | AI score 5.6 | EPSS 0.00259
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2025/02/04 12:30 p.m. | 2 views

Privilege Defined With Unsafe Actions

Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...

CVSS 8.8 | AI score 7.1 | EPSS 0.00877
Exploits: 0 | References: 2

vulnersOsv
added 2025/02/04 12:30 p.m. | 8 views

com.baidu.hugegraph:hugegraph-cassandra (>=0.7.4 <=0.11.2), com.baidu.hugegraph:hugegraph-dist (>=0.7.4 <=0.11.2) +97 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=3.10 <=3.11.17)

org.apache.cassandra:cassandra-all MAVEN version =3.10, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =6.5.13, =6.5.13, =6.5.250 and more Source cves: CVE-2025-23015 Source advisory:...

CVSS 8.8 | AI score 7.6 | EPSS 0.00877
Exploits: 0

vulnersOsv
added 2025/02/04 12:30 p.m. | 10 views

com.instaclustr:cassandra-4 (=1.0), com.instaclustr:cassandra-kerberos-4 (=1.0.0) +24 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.13)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =4.4.0.0, =4.4.0.1 and more Source cves: CVE-2025-24860 Source advisory: OSV:GHSA-3CJF-FWCQ-XH22...

CVSS 5.4 | AI score 6 | EPSS 0.0099
Exploits: 0

vulnersOsv
added 2025/02/04 12:30 p.m. | 10 views

ai.grakn:grakn (>=0.13.0 <=0.14.0), ai.grakn:grakn-client (>=0.13.0 <=0.14.0) +374 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=0.7.0-rc4 <=3.0.3)

org.apache.cassandra:cassandra-all MAVEN version =0.7.0-rc4, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.10.0, =0.13.0, =0.15.0, =0.6.1, =0.10.0 and more Source cves: CVE-2025-23015 Source advisory: OSV:GHSA-WMCC-9VCH-JMX4...

CVSS 8.8 | AI score 7.2 | EPSS 0.00877
Exploits: 0

vulnersOsv
added 2025/02/04 12:30 p.m. | 8 views

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.1 (>=3.0.0 <=3.1.0), com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0) +20 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.6)

org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =3.0.0, =4.1.0, =4.1.0, =4.1.0, =2.1.0-ALPHA-8, =0.13.0, =2.6.0, =2.10.0, =2.17.0 and more Source cves: CVE-2025-23015 Source advisory: OSV:GHSA-WMCC-9VCH-JMX4...

CVSS 8.8 | AI score 7.2 | EPSS 0.00877
Exploits: 0

vulnersOsv
added 2025/02/04 12:30 p.m. | 9 views

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.1) potentially affected by CVE-2025-23015 +1 more via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.2)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =3.1.1 Source cves: CVE-2025-23015, CVE-2025-26467 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-8688120...

CVSS 8.8 | AI score 7.2 | EPSS 0.00877
Exploits: 0

vulnersOsv
added 2025/02/04 12:30 p.m. | 20 views

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.1 (>=3.0.0 <=3.1.0), com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0) +20 more potentially affected by CVE-2024-27137 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.6)

org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =3.0.0, =4.1.0, =4.1.0, =4.1.0, =2.1.0-ALPHA-8, =0.13.0, =2.6.0, =2.10.0, =2.17.0 and more Source cves: CVE-2024-27137 Source advisory: OSV:GHSA-RGFX-7P65-3FF4...

CVSS 5.3 | AI score 5.8 | EPSS 0.00259
Exploits: 0

GitHub Security Blog
added 2025/02/04 12:30 p.m. | 20 views

Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

CVSS 8.8 | AI score 7 | EPSS 0.00877
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2025/02/04 11:15 a.m. | 7 views

AZL-56446 CVE-2024-27137 affecting package cassandra 4.0.10-1

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

CVSS 5.3 | AI score 6.9 | EPSS 0.00259
Exploits: 0 | References: 1

CVE
added 2025/02/04 10:19 a.m. | 119 views

CVE-2024-27137

CVE-2024-27137 technical details are not publicly available in the provided connected documents. Monitor for updates from vendor advisories to confirm affected versions, impact, and fixes.

CVSS 5.3 | AI score 6.5 | EPSS 0.00259
Exploits: 0 | References: 2 | Affected Software: 1