oss-security - CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Message-ID: <63f557a7-2578-0ad6-ea9d-a62883356c9d@apache.org>
Date: Mon, 29 May 2023 10:25:54 +0000
From: Marcus Eriksson <marcuse@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2023-30601: Apache Cassandra: Privilege escalation when
 enabling FQL/Audit logs 

Severity: important

Affected versions:

- Apache Cassandra 4.0.0 through 4.0.9
- Apache Cassandra 4.1.0 through 4.1.1

Description:

Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra
This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.

WORKAROUND
The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.

MITIGATION
Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.

This issue is being tracked as CASSANDRA-18550 

Credit:

Gal Elbaz at Oligo (finder)

References:

https://cassandra.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-30601
https://issues.apache.org/jira/browse/CASSANDRA-18550

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.