7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-30601

GHSA ID

GHSA-m9p2-j4hg-g373

EPSS Score

0.04643%

CWE

CWE-269

Published

7/6/2023

Updated

2/23/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-30601

CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs

Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1.

WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users.

MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.

(GitHub Advisory)

7.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-30601

GHSA ID

GHSA-m9p2-j4hg-g373

EPSS Score

0.04643%

CWE

CWE-269

Published

7/6/2023

Updated

2/23/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.cassandra:cassandra-all	maven	>= 4.1.0, < 4.1.2	4.1.2
org.apache.cassandra:cassandra-all	maven	>= 4.0.0, < 4.0.10	4.0.10

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the lack of a security check in StorageService.enableFullQueryLogger() when processing archive commands. The patch introduced a check for 'allow_nodetool_archive_command' to prevent unauthorized command execution. The test modifications and commit diff confirm this function was the entry point for the insecure operation. The function's direct handling of user-provided archive_command parameters (via JMX/nodetool) makes it the clear vulnerability source when the configuration flag is improperly set.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Privil*** *s**l*tion w**n *n**lin* *QL/*u*it lo*s *llows us*r wit* JMX ****ss to run *r*itr*ry *omm*n*s *s t** us*r runnin* *p**** **ss*n*r* T*is issu* *****ts *p**** **ss*n*r*: *rom *.*.* t*rou** *.*.*, *rom *.*.* t*rou** *.*.*. WORK*ROUN* T** vuln

Reasoning

T** vuln*r**ility st*ms *rom t** l**k o* * s**urity ****k in Stor***S*rvi**.*n**l**ullQu*ryLo***r() w**n pro**ssin* *r**iv* *omm*n*s. T** p*t** intro*u*** * ****k *or '*llow_no**tool_*r**iv*_*omm*n*' to pr*v*nt un*ut*oriz** *omm*n* *x**ution. T** t*s

7.8

Basic Information

Concerned about an active attack path?

CVE-2023-30601: Apache Cassandra: Privilege escalation when enabling FQL/Audit logs

7.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI