Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.

Cassandra Web 0.5.0 contains a directory traversal vulnerability that ...

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.

Уязвимость веб-интерфейса для управления и взаимодействия с базой данных Cassandra Web, связанная с неверным ограничением имени пути к каталогу, позволяющая нарушителю читать произвольные файлы