all InfoSec news
CVE-2023-30601 (cassandra)
May 30, 2023, 8:15 a.m. |
National Vulnerability Database web.nvd.nist.gov
This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.
WORKAROUND
The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.
MITIGATION
Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.
access apache apache cassandra audit cassandra cve escalation issue logs mitigation non privilege privilege escalation run upgrade vulnerability workaround
More from web.nvd.nist.gov / National Vulnerability Database
CVE-2023-21380 (android)
6 months ago |
web.nvd.nist.gov
CVE-2023-21381 (android)
6 months ago |
web.nvd.nist.gov
Jobs in InfoSec / Cybersecurity
Technical Senior Manager, SecOps | Remote US
@ Coalfire | United States
Global Cybersecurity Governance Analyst
@ UL Solutions | United States
Security Engineer II, AWS Offensive Security
@ Amazon.com | US, WA, Virtual Location - Washington
Senior Cyber Threat Intelligence Analyst
@ Sainsbury's | Coventry, West Midlands, United Kingdom
Embedded Global Intelligence and Threat Monitoring Analyst
@ Sibylline Ltd | Austin, Texas, United States
Senior Security Engineer
@ Curai Health | Remote