9 matches found
Sensitive Information Disclosure
Apache Cassandra is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing sensitive data such as passwords in plaintext within the cqlsh history file, which allows an attacker with local access to read and retrieve sensitive information...
CVE-2026-27315
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...
BIT-CASSANDRA-2026-27315 Apache Cassandra: cqlsh history sensitive information leak
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...
GHSA-FH34-C629-P8XJ Apache Cassandra has sensitive Information Leak in cqlsh
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...
CVE-2026-27315
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...
CVE-2026-27315 Apache Cassandra: cqlsh history sensitive information leak
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...
CVE-2026-27315
CVE-2026-27315 affects Apache Cassandra 4.0 and its cqlsh history mechanism. The issue allows a local attacker to access sensitive data by reading the ~/.cassandra/cqlsh_history file, where command history can contain passwords and other secrets in cleartext if entered during cqlsh sessions. The ...
CVE-2026-27315 Apache Cassandra: cqlsh history sensitive information leak
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...
PT-2026-30915
Name of the Vulnerable Software and Affected Versions Apache Cassandra versions 4.0 through 4.0.19 Description Apache Cassandra's command-line tool, cqlsh, saves command history in the /.cassandra/cqlsh history file. This file does not redact sensitive information, meaning passwords used in cqlsh...