org.apache.cassandra:cassandra-all
Maven
10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.cassandra:cassandra-all
- CVE-2018-8016 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.11.2 | 2018-06-28
vulnerable: 3.10, 3.11.0, 3.11.1, 3.8, 3.9
The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regress…
- CVE-2020-13946 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 4.0-beta2 | 2020-09-01
vulnerable: 4.0-beta1
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a …
- CVE-2020-17516 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.11.10 | 2021-02-03
vulnerable: 3.11.0 ... 3.11.9 (10 versions)
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or…
- CVE-2021-44521 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 4.0.2 | 2022-02-11
vulnerable: 4.0.0, 4.0.1
When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitra…
- CVE-2023-30601 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 4.0.10 | 2023-05-30
vulnerable: 4.0.0 ... 4.0.9 (10 versions)
Privilege escalation when enabling FQL/Audit logs allows a user with JMX access to run arbitrary commands as the user running Apache Cassandra. This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROU…
- CVE-2025-23015 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 5.0.3 | 2025-02-04
vulnerable: 5.0-alpha1 ... 5.0.2 (8 versions)
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Oper…
- CVE-2025-26467 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 4.0.17 | 2025-08-25
vulnerable: 4.0.16
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Oper…
- CVE-2026-27314 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 5.0.7 | 2026-04-07
vulnerable: 5.0-alpha1 ... 5.0.6 (12 versions)
Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, a…
- CVE-2026-27315 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 4.0.20 | 2026-04-07
vulnerable: 4.0.0 ... 4.0.9 (20 versions)
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via ~/.cassandra/cqlsh_history local file access. Users are recommended to upgra…
- CVE-2026-32588 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 5.0.7 | 2026-04-07
vulnerable: 5.0.0 ... 5.0.6 (7 versions)
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows an authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.