AZL-56433 CVE-2025-24860 affecting package cassandra 5.0.0-2

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

PT-2025-5589 · Apache · Apache Cassandra

Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 4.0.0 through 4.0.15 Apache Cassandra versions 4.1.0 through 4.1.7 Apache Cassandra versions 5.0.0 through 5.0.2 Description: The issue allows users to access a datacenter or IP/CIDR groups they should not be able to...