CVE-2023-30601 - OpenCVE

Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Cassandra

Configuration 1 [-]

OR	cpe:2.3:a:apache:cassandra::::::::
	cpe:2.3:a:apache:cassandra::::::::

No data.

References

Link	Providers
https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-05-30T07:25:49.920Z

Updated: 2024-08-02T14:28:52.010Z

Reserved: 2023-04-13T07:56:36.918Z

Link: CVE-2023-30601

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-30T08:15:10.450

Modified: 2023-06-05T16:41:46.257

Link: CVE-2023-30601

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30601", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-04-13T07:56:36.918Z", "datePublished": "2023-05-30T07:25:49.920Z", "dateUpdated": "2024-08-02T14:28:52.010Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Cassandra", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "4.0.9", "status": "affected", "version": "4.0.0", "versionType": "semver"}, {"lessThanOrEqual": "4.1.1", "status": "affected", "version": "4.1.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gal Elbaz at Oligo"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra<br><p>This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.</p>WORKAROUND<br>The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.<br><br>MITIGATION<br>Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false."}], "value": "Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra\nThis issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.\n\nWORKAROUND\nThe vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.\n\nMITIGATION\nUpgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property\u00a0allow_nodetool_archive_command as false."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-05-30T07:25:49.920Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn"}], "source": {"defect": ["CASSANDRA-18550"], "discovery": "UNKNOWN"}, "title": "Apache Cassandra: Privilege escalation when enabling FQL/Audit logs", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:28:52.010Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "matchCriteriaId": "124F4310-165F-4510-8A2B-58F16EE9B65D", "versionEndExcluding": "4.0.10", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "matchCriteriaId": "31B24681-2B2D-4BAC-9A33-BD771E411E7D", "versionEndExcluding": "4.1.2", "versionStartIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra\nThis issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.\n\nWORKAROUND\nThe vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.\n\nMITIGATION\nUpgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property\u00a0allow_nodetool_archive_command as false."}], "id": "CVE-2023-30601", "lastModified": "2023-06-05T16:41:46.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@apache.org", "type": "Secondary"}]}, "published": "2023-05-30T08:15:10.450", "references": [{"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread/f74p9jdhmmp7vtrqd8lgm8bq3dhxl8vn"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@apache.org", "type": "Primary"}]}