CVE-2024-27137 (GCVE-0-2024-27137)
Vulnerability from cvelistv5
Published
2025-02-04 10:19
Modified
2025-02-15 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unrestricted deserialization of JMX authentication credentials
Summary
In Apache Cassandra it is possible for a local attacker without access
to the Apache Cassandra process or configuration files to manipulate
the RMI registry to perform a man-in-the-middle attack and capture user
names and passwords used to access the JMX interface. The attacker can
then use these credentials to access the JMX interface and perform
unauthorized operations.
This is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.
This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.
Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Cassandra |
Version: 4.0.2 ≤ Version: 4.1.0 ≤ Version: 5.0-beta1 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:45:49.479993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T20:53:33.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-15T00:10:33.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250214-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Cassandra",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.15",
"status": "affected",
"version": "4.0.2",
"versionType": "semver"
},
{
"lessThan": "4.1.8",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "5.0.3",
"status": "affected",
"version": "5.0-beta1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Apache Cassandra it is possible for a local attacker without access\n to the Apache Cassandra process or configuration files to manipulate \nthe RMI registry to perform a man-in-the-middle attack and capture user \nnames and passwords used to access the JMX interface. The attacker can \nthen use these credentials to access the JMX interface and perform \nunauthorized operations.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOperators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "In Apache Cassandra it is possible for a local attacker without access\n to the Apache Cassandra process or configuration files to manipulate \nthe RMI registry to perform a man-in-the-middle attack and capture user \nnames and passwords used to access the JMX interface. The attacker can \nthen use these credentials to access the JMX interface and perform \nunauthorized operations.\n\n\nThis is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.\n\n\nThis issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.\n\n\nOperators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted deserialization of JMX authentication credentials",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T10:19:44.109Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/jsk87d9yv8r204mgqpz1qxtp5wcrpysm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Cassandra: unrestricted deserialization of JMX authentication credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-27137",
"datePublished": "2025-02-04T10:19:44.109Z",
"dateReserved": "2024-02-20T12:29:07.597Z",
"dateUpdated": "2025-02-15T00:10:33.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250214-0004/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-02-15T00:10:33.257Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-27137\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-06T19:45:49.479993Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T19:46:33.882Z\"}}], \"cna\": {\"title\": \"Apache Cassandra: unrestricted deserialization of JMX authentication credentials\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Cassandra\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.2\", \"lessThan\": \"4.0.15\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.1.0\", \"lessThan\": \"4.1.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.0-beta1\", \"lessThan\": \"5.0.3\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/jsk87d9yv8r204mgqpz1qxtp5wcrpysm\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Apache Cassandra it is possible for a local attacker without access\\n to the Apache Cassandra process or configuration files to manipulate \\nthe RMI registry to perform a man-in-the-middle attack and capture user \\nnames and passwords used to access the JMX interface. The attacker can \\nthen use these credentials to access the JMX interface and perform \\nunauthorized operations.\\n\\n\\nThis is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.\\n\\n\\nThis issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.\\n\\n\\nOperators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn Apache Cassandra it is possible for a local attacker without access\\n to the Apache Cassandra process or configuration files to manipulate \\nthe RMI registry to perform a man-in-the-middle attack and capture user \\nnames and passwords used to access the JMX interface. The attacker can \\nthen use these credentials to access the JMX interface and perform \\nunauthorized operations.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eOperators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Unrestricted deserialization of JMX authentication credentials\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-02-04T10:19:44.109Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-27137\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-15T00:10:33.257Z\", \"dateReserved\": \"2024-02-20T12:29:07.597Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-02-04T10:19:44.109Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…