Apache Cassandra Incorrect Authorization Vulnerability in Network Authorizers Allowing Unauthorized Access to Datacenters

Vulnerability

A vulnerability has been identified in Apache Cassandra that allows users to bypass authorization and gain access to datacenters or IP/CIDR groups they are not permitted to use. The issue affects deployments that use the CassandraNetworkAuthorizer or the CassandraCIDRAuthorizer: a user whose datacenter access is restricted can alter their own access permissions through data control language (DCL) statements. The vulnerability is present in Apache Cassandra versions 4.0.0 to 4.0.15, 4.1.0 to 4.1.7, and 5.0.0 to 5.0.2.

Impact

Exploitation of this vulnerability could give a user with restricted datacenter access entry to datacenters they are not authorized for, and with it access to the sensitive data held there, by letting that user modify their own permissions.

Remediation

Users are advised to upgrade to Apache Cassandra versions 4.0.16, 4.1.8, or 5.0.3, which address this vulnerability.
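The following is an added example, not part of this advisory, for operators who want to check whether a node's release falls inside the affected ranges listed above and whether its configuration names one of the two authorizers involved. It encodes only the version ranges and fixed releases stated in this advisory; the class-name check is a plain substring match on uncommented lines, and the version is read from the "ReleaseVersion:" line that nodetool version prints. Sample configuration and nodetool output below are constructed for illustration.

```python
# Added example (not from the advisory): version-range and configuration check
# for the Apache Cassandra network/CIDR authorizer authorization issue.
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected, fixed release) per release line, as stated in the advisory.
AFFECTED_RANGES = [
    ((4, 0, 0), (4, 0, 15), (4, 0, 16)),
    ((4, 1, 0), (4, 1, 7), (4, 1, 8)),
    ((5, 0, 0), (5, 0, 2), (5, 0, 3)),
]

# Authorizer class names named in the advisory; the issue only applies when one is in use.
AUTHORIZERS_IN_SCOPE = ("CassandraNetworkAuthorizer", "CassandraCIDRAuthorizer")


def parse_version(version: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple, ignoring suffixes such as '-SNAPSHOT'."""
    core = version.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized Cassandra version: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def version_from_nodetool_output(text: str) -> Optional[str]:
    """Extract the version from 'nodetool version' output (a 'ReleaseVersion: x.y.z' line)."""
    for line in text.splitlines():
        if line.startswith("ReleaseVersion:"):
            return line.split(":", 1)[1].strip()
    return None


def is_affected(version: str) -> bool:
    """True when the version lies inside one of the affected ranges."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi, _ in AFFECTED_RANGES)


def fixed_version_for(version: str) -> Optional[str]:
    """Fixed release for an affected version, or None when the version is not affected."""
    v = parse_version(version)
    for lo, hi, fixed in AFFECTED_RANGES:
        if lo <= v <= hi:
            return ".".join(str(n) for n in fixed)
    return None


def uses_authorizer_in_scope(cassandra_yaml: str) -> bool:
    """True when an uncommented cassandra.yaml line names one of the two authorizers."""
    for line in cassandra_yaml.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # commented-out settings are not active
        if any(name in stripped for name in AUTHORIZERS_IN_SCOPE):
            return True
    return False


def assess(nodetool_output: str, cassandra_yaml: str) -> str:
    """Combine both checks into a one-line verdict for an operator."""
    version = version_from_nodetool_output(nodetool_output)
    if version is None:
        return "could not determine Cassandra version"
    fixed = fixed_version_for(version)
    if fixed is None:
        return f"{version}: not in an affected range"
    if not uses_authorizer_in_scope(cassandra_yaml):
        return f"{version}: affected release, but no in-scope authorizer configured; upgrade to {fixed}"
    return f"{version}: affected release with an in-scope authorizer configured; upgrade to {fixed}"


if __name__ == "__main__":
    # Constructed sample input (not captured from a real node).
    SAMPLE_NODETOOL = "ReleaseVersion: 4.1.3\n"
    SAMPLE_YAML = (
        "authorizer: CassandraAuthorizer\n"
        "# network_authorizer: AllowAllNetworkAuthorizer\n"
        "network_authorizer: CassandraNetworkAuthorizer\n"
    )
    print(assess(SAMPLE_NODETOOL, SAMPLE_YAML))
```

Run it against the real output of nodetool version and the node's cassandra.yaml; a node on a fixed release reports "not in an affected range" regardless of which authorizer is configured.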

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.