5 results (0.014 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false. • https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn • CWE-269: Improper Privilege Management •

CVSS: 9.1EPSS: 5%CPEs: 3EXPL: 3

When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE. Cuando es ejecutado Apache Cassandra con la siguiente configuración: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false es posible que un atacante ejecute código arbitrario en el host. El atacante necesitaría tener suficientes permisos para crear funciones definidas por el usuario en el cluster para poder explotar esto. • https://github.com/WoodenKlaas/CVE-2021-44521 https://github.com/Yeyvo/poc-CVE-2021-44521 http://www.openwall.com/lists/oss-security/2022/02/11/4 https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356 https://security.netapp.com/advisory/ntap-20220225-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 0

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. En Apache Cassandra, todas las versiones anteriores a 2.1.22, 2.2.18, 3.0.22, 3.11.8 y 4.0-beta2, es posible a un atacante local sin acceso al proceso de Apache Cassandra o archivos de configuración manipular el registro RMI para llevar a cabo un ataque de tipo man-in-the-middle y capturar los nombres de usuario y las contraseñas usadas para acceder a la interfaz JMX. El atacante puede usar estas credenciales para acceder a la interfaz JMX y llevar a cabo operaciones no autorizadas. • https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E https://security.netapp.com/advisory/ntap-20210521-0005 https://access • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 5.9EPSS: 0%CPEs: 73EXPL: 0

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.openwall.com/lists/oss-security/2020/09/01/4 http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/errata/RHBA-2019:0959 https://access.re •

CVSS: 10.0EPSS: 67%CPEs: 81EXPL: 0

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en Oracle Java SE 6u113, 7u99 y 8u77; Java SE Embedded 8u77; y JRockit R28.3.9 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-05 • CWE-284: Improper Access Control •