exploitDog

GHSA-wmcc-9vch-jmx4

Опубликовано: 04 фев. 2025

Источник: github

Github: Прошло ревью

CVSS3: 8.8

Описание

Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.

This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.

Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

Ссылки

Пакеты

Наименование

org.apache.cassandra:cassandra-all

maven

Затронутые версииВерсия исправления

>= 5.0-alpha1, < 5.0.3

5.0.3

Наименование

org.apache.cassandra:cassandra-all

maven

Затронутые версииВерсия исправления

>= 4.1-alpha1, < 4.1.8

4.1.8

Наименование

org.apache.cassandra:cassandra-all

maven

Затронутые версииВерсия исправления

>= 4.0-alpha1, < 4.0.16

4.0.16

Наименование

org.apache.cassandra:cassandra-all

maven

Затронутые версииВерсия исправления

>= 3.1, < 3.11.18

3.11.18

Наименование

org.apache.cassandra:cassandra-all

maven

Затронутые версииВерсия исправления

< 3.0.31

3.0.31

EPSS

Процентиль: 49%

0.00259

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-267

Связанные уязвимости

CVE-2025-23015

CVSS3: 5.5

redhat

около 1 года назад

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

CVE-2025-23015

CVSS3: 8.8

nvd

около 1 года назад

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

CVE-2025-23015

CVSS3: 8.8

debian

около 1 года назад

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandr ...

BDU:2025-01582

CVSS3: 8.8

fstec

около 1 года назад

Уязвимость распределённой системы управления базами данных Apache Cassandra, связанная с небезопасным управлением привилегиями, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 49%

0.00259

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-267