exploitDog

CVE-2025-23015

Published: 04 Feb 2025
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fix the issue.

A flaw was found in Apache Cassandra. This vulnerability allows a user with MODIFY permission ON ALL KEYSPACES to escalate privileges to a superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| A-MQ Clients 2 | org.apache.cassandra/cassandra-all | Not affected | | |
| Red Hat Data Grid 8 | org.apache.cassandra/cassandra-all | Will not fix | | |
| Red Hat Fuse 7 | org.apache.cassandra/cassandra-all | Out of support scope | | |
| Red Hat Integration Camel K 1 | org.apache.cassandra/cassandra-all | Will not fix | | |
| Red Hat JBoss Data Grid 7 | org.apache.cassandra/cassandra-all | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 7 | cassandra-all | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 8 | cassandra-all | Not affected | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.apache.cassandra/cassandra-all | Not affected | | |
| streams for Apache Kafka | org.apache.cassandra/cassandra-all | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-267
https://bugzilla.redhat.com/show_bug.cgi?id=2343722
org.apache.cassandra:cassandra-all: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

EPSS

Percentile: 49%
0.00259
Low

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 8.8
nvd
11 months ago

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fix the issue.

CVSS3: 8.8
debian
11 months ago

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandr ...

CVSS3: 8.8
github
11 months ago

Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

CVSS3: 8.8
fstec
12 months ago

A vulnerability in the Apache Cassandra distributed database management system related to unsafe privilege management, allowing an attacker to escalate their privileges
