Lucene search
+L

10 matches found

Chainguard
Chainguard
added 2025/03/18 4:12 a.m.29 views

CVE-2025-24860 vulnerabilities

Vulnerabilities for packages: stargate...

5.4CVSS7.2AI score0.01056EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/02/04 12:30 p.m.7 views

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.1) potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.2)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =3.1.1 Source cves: CVE-2025-24860 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-8688121...

5.4CVSS6AI score0.01056EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/02/04 12:30 p.m.8 views

com.instaclustr:cassandra-lucene-index-plugin (=4.0.0-1.0.0), com.instaclustr:ic-sstable-tools-4.0.0 (=1.0.0) +15 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.0.0 <=4.0.13)

org.apache.cassandra:cassandra-all MAVEN version =4.0.0, =4.4.0.0, =4.4.0.0, =1.0.31, =1.0.31, =1.0.86, =1.2.0, =1.5.0, =1.5.0, =1.2.0, =1.2.0, =1.5.0 and more Source cves: CVE-2025-24860 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-8688121...

5.4CVSS6AI score0.01056EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/02/04 12:30 p.m.11 views

com.instaclustr:cassandra-4 (=1.0), com.instaclustr:cassandra-kerberos-4 (=1.0.0) +24 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.13)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =4.4.0.0, =4.4.0.1 and more Source cves: CVE-2025-24860 Source advisory: OSV:GHSA-3CJF-FWCQ-XH22...

5.4CVSS6AI score0.01056EPSS
Exploits0
NVD
NVD
added 2025/02/04 11:15 a.m.34 views

CVE-2025-24860

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

5.4CVSS0.01056EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/04 10:17 a.m.16 views

CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

5.5AI score0.01056EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/04 10:17 a.m.38 views

CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

0.01056EPSS
Exploits0References1
CVE
CVE
added 2025/02/04 10:17 a.m.131 views

CVE-2025-24860

CVE-2025-24860 is an Incorrect Authorization vulnerability in Apache Cassandra. The issue affects CassandraNetworkAuthorizer and CassandraCIDRAuthorizer on specific Cassandra releases: 4.0.0–4.0.15 and 4.1.0–4.1.7 for CassandraNetworkAuthorizer, and 5.0.0–5.0.2 for both authorizers. The root caus...

5.4CVSS6.9AI score0.01056EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/02/04 10:17 a.m.6 views

CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

5.4CVSS6.8AI score0.01056EPSS
Exploits0References5
Circl
Circl
added 2025/02/03 11:49 p.m.27 views

CVE-2025-24860

creationtimestamp| type| source ---|---|--- 2025-02-03 23:49:34+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lhcq7pjmfe2t 2025-02-04 10:16:22+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3lhdtaj5dbn25 2025-02-04 10:28:35+00:00| seen|...

5.4CVSS6AI score0.01056EPSS
Exploits0References9
Rows per page
Query Builder