Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2025/VULN064 _____________________________________________________________________ DATE : 04/02/2025 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Apache Cassandra versions prior to 4.0.16, 4.1.8, 5.0.3. ===================================================================== https://lists.apache.org/thread/jsk87d9yv8r204mgqpz1qxtp5wcrpysm https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s https://lists.apache.org/thread/yjo5on4tf7s1r9qklc4byrz30b8vkm2d _____________________________________________________________________ CVE-2024-27137: Apache Cassandra: unrestricted deserialization of JMX authentication credentials Severity: moderate Affected versions: - Apache Cassandra 4.0.2 before 4.0.15 - Apache Cassandra 4.1.0 before 4.1.8 - Apache Cassandra 5.0-beta1 before 5.0.3 Description: In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorized operations. This is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10. This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11. Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue. References: https://cassandra.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-27137 _____________________________________________________________________ CVE-2025-23015: Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions Severity: moderate Affected versions: - Apache Cassandra 3.0.0 through 3.0.30 - Apache Cassandra 3.1.0 through 3.11.17 - Apache Cassandra 4.0.0 through 4.0.15 - Apache Cassandra 4.1.0 through 4.1.7 - Apache Cassandra 5.0.0 through 5.0.2 Description: Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2. Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue. This issue was reported by Adam Pond, Ali Mirheidari, Terry Thibault, and Will Brattain of Apple Services Engineering Security. References: https://cassandra.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-23015 _____________________________________________________________________ CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions Severity: moderate Affected versions: - Apache Cassandra 4.0.0 through 4.0.15 - Apache Cassandra 4.1.0 through 4.1.7 - Apache Cassandra 5.0.0 through 5.0.2 Description: Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue. This issue was reported by Stefan Miklosovic References: https://cassandra.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-24860 ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================