Описание
When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
A flaw was found in Cassandra that allows users with certain permissions to execute user-defined functions to create scripts and run remote code execution. This flaw allows an attacker to gain unwanted access and also execute actions against Cassandra.
Отчет
While the CVSS is quite high this flaw has been downgraded to moderate impact for three main reasons:
- Administrator privileges are required.
- The configuration required to enable this flaw is non-default.
- Cassandra documentation describes this configuration to be unsafe. This configuration should continue to be considered unsafe even after applying the fix for this CVE.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | cassandra | Not affected | ||
| A-MQ Clients 2 | org.apache.logging.log4j-log4j | Not affected | ||
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-agent-rhel8 | Not affected | ||
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-all-in-one-rhel8 | Not affected | ||
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-collector-rhel8 | Not affected | ||
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-es-index-cleaner-rhel8 | Not affected | ||
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-es-rollover-rhel8 | Not affected | ||
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-ingester-rhel8 | Not affected | ||
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-query-rhel8 | Not affected | ||
| Red Hat build of Quarkus | cassandra | Not affected |
Показывать по
Дополнительная информация
Статус:
9.1 Critical
CVSS3
Связанные уязвимости
When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
When running Apache Cassandra with the following configuration: enable ...
Apache Cassandra vulnerable to Code Injection due to unsafe configuration
Уязвимость распределённой системы управления базами данных Apache Cassandra, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код на хосте
9.1 Critical
CVSS3