CVE-2023-30601
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra
This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.
WORKAROUND
The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.
MITIGATION
Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.
*Credits:
Gal Elbaz at Oligo
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-04-13 CVE Reserved
- 2023-05-30 CVE Published
- 2023-06-06 EPSS Updated
- 2024-10-09 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn | 2023-06-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Cassandra Search vendor "Apache" for product "Cassandra" | >= 4.0.0 < 4.0.10 Search vendor "Apache" for product "Cassandra" and version " >= 4.0.0 < 4.0.10" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Cassandra Search vendor "Apache" for product "Cassandra" | >= 4.1.0 < 4.1.2 Search vendor "Apache" for product "Cassandra" and version " >= 4.1.0 < 4.1.2" | - |
Affected
|