VYPR
High severityNVD Advisory· Published May 30, 2023· Updated Oct 9, 2024

Apache Cassandra: Privilege escalation when enabling FQL/Audit logs

CVE-2023-30601

Description

Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.

WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.

MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.cassandra:cassandra-allMaven
>= 4.1.0, < 4.1.24.1.2
org.apache.cassandra:cassandra-allMaven
>= 4.0.0, < 4.0.104.0.10

Affected products

4

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.