csaf_certbund - wid-sec-w-2025-0258

WID-SEC-W-2025-0258

Vulnerability from csaf_certbund - Published: 2025-02-03 23:00 - Updated: 2025-02-04 23:00

Summary

Apache Cassandra: Mehrere Schwachstellen.

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apache Cassandra ist ein verteiltes, NoSQL-Datenbanksystem

Angriff

Ein Angreifer kann mehrere Schwachstellen in Apache Cassandra ausnutzen, um Informationen offenzulegen, oder seine Rechte zu erhöhen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Cassandra ist ein verteiltes, NoSQL-Datenbanksystem",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apache Cassandra ausnutzen, um Informationen offenzulegen, oder seine Rechte zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0258 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0258.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0258 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0258"
      },
      {
        "category": "external",
        "summary": "Apache Mailing List vom 2025-02-03",
        "url": "https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s"
      },
      {
        "category": "external",
        "summary": "Apache Mailing List vom 2025-02-03",
        "url": "https://lists.apache.org/thread/jsk87d9yv8r204mgqpz1qxtp5wcrpysm"
      },
      {
        "category": "external",
        "summary": "Apache Mailing List vom 2025-02-03",
        "url": "https://lists.apache.org/thread/yjo5on4tf7s1r9qklc4byrz30b8vkm2d"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Cassandra: Mehrere Schwachstellen.",
    "tracking": {
      "current_release_date": "2025-02-04T23:00:00.000+00:00",
      "generator": {
        "date": "2025-02-05T09:05:05.144+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0258",
      "initial_release_date": "2025-02-03T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-02-03T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-02-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "Plattformauswahl angepasst"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.0.3",
                "product": {
                  "name": "Apache Cassandra \u003c5.0.3",
                  "product_id": "T040041"
                }
              },
              {
                "category": "product_version",
                "name": "5.0.3",
                "product": {
                  "name": "Apache Cassandra 5.0.3",
                  "product_id": "T040041-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:cassandra:5.0.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.0.31",
                "product": {
                  "name": "Apache Cassandra \u003c3.0.31",
                  "product_id": "T040739"
                }
              },
              {
                "category": "product_version",
                "name": "3.0.31",
                "product": {
                  "name": "Apache Cassandra 3.0.31",
                  "product_id": "T040739-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:cassandra:3.0.31"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.11.18",
                "product": {
                  "name": "Apache Cassandra \u003c3.11.18",
                  "product_id": "T040740"
                }
              },
              {
                "category": "product_version",
                "name": "3.11.18",
                "product": {
                  "name": "Apache Cassandra 3.11.18",
                  "product_id": "T040740-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:cassandra:3.11.18"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.0.16",
                "product": {
                  "name": "Apache Cassandra \u003c4.0.16",
                  "product_id": "T040741"
                }
              },
              {
                "category": "product_version",
                "name": "4.0.16",
                "product": {
                  "name": "Apache Cassandra 4.0.16",
                  "product_id": "T040741-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:cassandra:4.0.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.1.8",
                "product": {
                  "name": "Apache Cassandra \u003c4.1.8",
                  "product_id": "T040742"
                }
              },
              {
                "category": "product_version",
                "name": "4.1.8",
                "product": {
                  "name": "Apache Cassandra 4.1.8",
                  "product_id": "T040742-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:cassandra:4.1.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.0.15",
                "product": {
                  "name": "Apache Cassandra \u003c4.0.15",
                  "product_id": "T040743"
                }
              },
              {
                "category": "product_version",
                "name": "4.0.15",
                "product": {
                  "name": "Apache Cassandra 4.0.15",
                  "product_id": "T040743-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:cassandra:4.0.15"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Cassandra"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-27137",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Cassandra. Sie erlaubt es, Dateien im Verzeichnis \"RMI\" zu manipulieren und Credentials auszulesen. Ein lokaler Angreifer kann somit eine \"Man in the Middle\"-Attacke durchf\u00fchren und wichtige Benutzerinformationen wie Benutzernamen und Passw\u00f6rter aussp\u00e4hen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040041",
          "T040743",
          "T040742"
        ]
      },
      "release_date": "2025-02-03T23:00:00.000+00:00",
      "title": "CVE-2024-27137"
    },
    {
      "cve": "CVE-2025-23015",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Cassandra. Es ist m\u00f6glich durch unsichere Aktionen an einer Systemressource die Privilegien zum Superuser ausbauen. Ein Angreifer mit der Berechtigung MODIFY ON ALL KEYSPACES kann diese Schwachstelle ausnutzen, um seine Privilegien zum Superuser zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040041",
          "T040739",
          "T040742",
          "T040741",
          "T040740"
        ]
      },
      "release_date": "2025-02-03T23:00:00.000+00:00",
      "title": "CVE-2025-23015"
    },
    {
      "cve": "CVE-2025-24860",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache Cassandra. Sie besteht darin, dass der \"CassandraNetworkAuthorizer\" oer der \"CassandraCIDRAuthorizer\" Benutzer nicht korrekt authentifiziert. Ein entfernter, Authentisierter Angreifer kann mittels \"DataControlLanguage\" Anweisungen ausf\u00fchren, um seine Privilegien zu erh\u00f6hen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040041",
          "T040742",
          "T040741"
        ]
      },
      "release_date": "2025-02-03T23:00:00.000+00:00",
      "title": "CVE-2025-24860"
    }
  ]
}

CVE-2025-23015 (GCVE-0-2025-23015)

Vulnerability from cvelistv5 – Published: 2025-02-04 09:37 – Updated: 2025-02-15 00:10

Summary

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

Severity ?

No CVSS data available.

CWE

CWE-267 - Privilege Defined With Unsafe Actions

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/jmks4msbgkl65ssg6…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Cassandra	Affected: 3.0.0 , ≤ 3.0.30 (semver) Affected: 3.1.0 , ≤ 3.11.17 (semver) Affected: 4.0.0 , ≤ 4.0.15 (semver) Affected: 4.1.0 , ≤ 4.1.7 (semver) Affected: 5.0.0 , ≤ 5.0.2 (semver)

Credits

Adam Pond of Apple Services Engineering Security Ali Mirheidari of Apple Services Engineering Security Terry Thibault of Apple Services Engineering Security Will Brattain of Apple Services Engineering Security

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-15T00:10:34.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/03/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/11/1"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250214-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-23015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T18:28:23.512076Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T18:28:55.466Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Cassandra",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "3.0.30",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.11.17",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.15",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.1.7",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.2",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Adam Pond of Apple Services Engineering Security"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Ali Mirheidari of Apple Services Engineering Security"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Terry Thibault of Apple Services Engineering Security"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Will Brattain of Apple Services Engineering Security"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.\u003cbr\u003e"
            }
          ],
          "value": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\n\nThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\n\nUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-267",
              "description": "CWE-267 Privilege Defined With Unsafe Actions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T09:37:18.580Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-23015",
    "datePublished": "2025-02-04T09:37:18.580Z",
    "dateReserved": "2025-01-10T03:33:46.731Z",
    "dateUpdated": "2025-02-15T00:10:34.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27137 (GCVE-0-2024-27137)

Vulnerability from cvelistv5 – Published: 2025-02-04 10:19 – Updated: 2025-02-15 00:10

Summary

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations. This is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10. This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11. Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.

Severity ?

No CVSS data available.

CWE

Unrestricted deserialization of JMX authentication credentials

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/jsk87d9yv8r204mgq…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Cassandra	Affected: 4.0.2 , < 4.0.15 (semver) Affected: 4.1.0 , < 4.1.8 (semver) Affected: 5.0-beta1 , < 5.0.3 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T19:45:49.479993Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T20:53:33.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-15T00:10:33.257Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250214-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Cassandra",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "4.0.15",
              "status": "affected",
              "version": "4.0.2",
              "versionType": "semver"
            },
            {
              "lessThan": "4.1.8",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.0.3",
              "status": "affected",
              "version": "5.0-beta1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn Apache Cassandra it is possible for a local attacker without access\n to the Apache Cassandra process or configuration files to manipulate \nthe RMI registry to perform a man-in-the-middle attack and capture user \nnames and passwords used to access the JMX interface. The attacker can \nthen use these credentials to access the JMX interface and perform \nunauthorized operations.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOperators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "In Apache Cassandra it is possible for a local attacker without access\n to the Apache Cassandra process or configuration files to manipulate \nthe RMI registry to perform a man-in-the-middle attack and capture user \nnames and passwords used to access the JMX interface. The attacker can \nthen use these credentials to access the JMX interface and perform \nunauthorized operations.\n\n\nThis is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.\n\n\nThis issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.\n\n\nOperators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unrestricted deserialization of JMX authentication credentials",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T10:19:44.109Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/jsk87d9yv8r204mgqpz1qxtp5wcrpysm"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Cassandra: unrestricted deserialization of JMX authentication credentials",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-27137",
    "datePublished": "2025-02-04T10:19:44.109Z",
    "dateReserved": "2024-02-20T12:29:07.597Z",
    "dateUpdated": "2025-02-15T00:10:33.257Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24860 (GCVE-0-2025-24860)

Vulnerability from cvelistv5 – Published: 2025-02-04 10:17 – Updated: 2025-02-15 00:10

Summary

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue.

Severity ?

No CVSS data available.

CWE

CWE-863 - Incorrect Authorization

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/yjo5on4tf7s1r9qkl…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Cassandra	Affected: 4.0.0 , ≤ 4.0.15 (semver) Affected: 4.1.0 , ≤ 4.1.7 (semver) Affected: 5.0.0 , ≤ 5.0.2 (semver)

Credits

Stefan Miklosovic

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-15T00:10:37.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/03/3"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250214-0005/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-24860",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T19:43:54.954418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T19:44:52.180Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Cassandra",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "4.0.15",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.1.7",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.2",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Stefan Miklosovic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eIncorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer.\u003cbr\u003e\u003cbr\u003eUsers with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eOperators using\u0026nbsp;CassandraNetworkAuthorizer or\u0026nbsp;CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer.\n\nUsers with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions.\n\n\n\n\nThis issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer.\n\n\n\n\nOperators using\u00a0CassandraNetworkAuthorizer or\u00a0CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-04T10:17:55.258Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/yjo5on4tf7s1r9qklc4byrz30b8vkm2d"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-24860",
    "datePublished": "2025-02-04T10:17:55.258Z",
    "dateReserved": "2025-01-27T05:15:43.855Z",
    "dateUpdated": "2025-02-15T00:10:37.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-0258

CVE-2025-23015 (GCVE-0-2025-23015)

CVE-2024-27137 (GCVE-0-2024-27137)

CVE-2025-24860 (GCVE-0-2025-24860)

Tags

Sightings

Nomenclature