Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow authenticated Cassandra users to remotely bypass RBAC and escalate their privileges.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.instaclustr:cassandra-lucene-index-plugin(Maven) | 4.0-rc1-1.0.0 | 4.0.17-1.0.0 | N/A |
| com.instaclustr:cassandra-lucene-index-plugin(Maven) | 4.1.0-1.0.0 | 4.1.8-1.0.1 | N/A |
CVSS Metrics
