CVE-2020-13946
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Man-in-the-middle attack in Apache Cassandra
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2020-13946.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.cassandra:cassandra-all | >=2.1.0,<2.1.12 | 2.1.12 |
| Maven | org.apache.cassandra:cassandra-all | >=2.2.0,<2.2.18 | 2.2.18 |
| Maven | org.apache.cassandra:cassandra-all | >=3.0.0,<3.0.22 | 3.0.22 |
| Maven | org.apache.cassandra:cassandra-all | >=3.11.0,<3.11.8 | 3.11.8 |
| Maven | org.apache.cassandra:cassandra-all | >=4.0-beta1,<4.0-beta2 | 4.0-beta2 |
References
- https://www.suse.com/security/cve/CVE-2020-13946.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-13946
- https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7@%3Cuser.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce@%3Cuser.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc@%3Cuser.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210521-0005
Verify integrity in audit chain (admin only). AS-IS.