Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.
This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.
Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.
Weakness
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cassandra | Apache | 3.0.0 (including) | 3.0.31 (excluding) |
| Cassandra | Apache | 3.1 (including) | 3.11.18 (excluding) |
| Cassandra | Apache | 4.0.0 (including) | 4.0.16 (excluding) |
| Cassandra | Apache | 4.1.0 (including) | 4.1.8 (excluding) |
| Cassandra | Apache | 5.0.0 (including) | 5.0.3 (excluding) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/58.html
- https://cwe.mitre.org/data/definitions/634.html
- https://cwe.mitre.org/data/definitions/637.html
- https://cwe.mitre.org/data/definitions/643.html
- https://cwe.mitre.org/data/definitions/648.html