10 matches found
CVE-2025-24860 vulnerabilities
Vulnerabilities for packages: stargate...
com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.1) potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.2)
org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =3.1.1 Source cves: CVE-2025-24860 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-8688121...
com.instaclustr:cassandra-lucene-index-plugin (=4.0.0-1.0.0), com.instaclustr:ic-sstable-tools-4.0.0 (=1.0.0) +15 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.0.0 <=4.0.13)
org.apache.cassandra:cassandra-all MAVEN version =4.0.0, =4.4.0.0, =4.4.0.0, =1.0.31, =1.0.31, =1.0.86, =1.2.0, =1.5.0, =1.5.0, =1.2.0, =1.2.0, =1.5.0 and more Source cves: CVE-2025-24860 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-8688121...
com.instaclustr:cassandra-4 (=1.0), com.instaclustr:cassandra-kerberos-4 (=1.0.0) +24 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.13)
org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =4.4.0.0, =4.4.0.1 and more Source cves: CVE-2025-24860 Source advisory: OSV:GHSA-3CJF-FWCQ-XH22...
CVE-2025-24860
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...
CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...
CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...
CVE-2025-24860
CVE-2025-24860 is an Incorrect Authorization vulnerability in Apache Cassandra. The issue affects CassandraNetworkAuthorizer and CassandraCIDRAuthorizer on specific Cassandra releases: 4.0.0–4.0.15 and 4.1.0–4.1.7 for CassandraNetworkAuthorizer, and 5.0.0–5.0.2 for both authorizers. The root caus...
CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...
CVE-2025-24860
creationtimestamp| type| source ---|---|--- 2025-02-03 23:49:34+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lhcq7pjmfe2t 2025-02-04 10:16:22+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3lhdtaj5dbn25 2025-02-04 10:28:35+00:00| seen|...