Lucene search
Veracode Vulnerability DatabaseVERACODE:40798HistoryJun 06, 2023 - 4:48 a.m.
Privilege Escalation
2023-06-0604:48:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
26
cassandra-all
privilege escalation
fql/audit logs
jmx access
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.2%
cassandra-all is vulnerable to Privilege Escalation. The vulnerability exists when enabling FQL/Audit logs, which allows an attacker with JMX access to run arbitrary commands.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache cassandra | le | 4.0.9 | |
| apache cassandra | le | 4.1.1 | |
| apache cassandra | le | 4.0.9 | |
| apache cassandra | le | 4.1.1 |
Related
ibm
ibm
osv
osv
BIT-cassandra-2023-30601
2024-03-06 10:50:45
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
2023-07-06 21:15:06
prion
prion
Privilege escalation
2023-05-30 08:15:00
cvelist
cvelist
nessus
nessus
Apache Cassandra 4.0.x < 4.0.10 / 4.1.x < 4.1.2 Privilege Escalation
2023-09-20 00:00:00
cve
cve
CVE-2023-30601
2023-05-30 08:15:10
github
github
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
2023-07-06 21:15:06
nvd
nvd
CVE-2023-30601
2023-05-30 08:15:10
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0404
2023-06-07 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0020
2023-06-07 00:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.2%
Related for VERACODE:40798