You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Sam Tunnicliffe (JIRA)" <ji...@apache.org> on 2019/05/08 15:30:00 UTC
[jira] [Commented] (CASSANDRA-15121) Apache Cassandra session reuse
vulnerability (TALOS-2019-0828)
[ https://issues.apache.org/jira/browse/CASSANDRA-15121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16835685#comment-16835685 ]
Sam Tunnicliffe commented on CASSANDRA-15121:
---------------------------------------------
Thanks, please submit the vulnerability report to security@apache.org, from where it will be recorded and forwarded to the Cassandra PMC.
> Apache Cassandra session reuse vulnerability (TALOS-2019-0828)
> --------------------------------------------------------------
>
> Key: CASSANDRA-15121
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15121
> Project: Cassandra
> Issue Type: Bug
> Reporter: Cisco Talos
> Priority: Normal
>
> Hello, the Cisco Talos team found a security vulnerability affecting Apache Cassandra. An exploitable authentication vulnerability exists in Apache Cassandra, versions 2.1.14 and 3.11.3.
> As this is a sensitive security issue, please confirm maintainer for this issue to accept the detailed security advisory report and trigger input files.
>
> For further information about the Cisco Vendor Vulnerability Reporting and Disclosure Policy please refer to this document which also links to our public PGP key. https://tools.cisco.com/security/center/resources/vendor_vulnerability_policy.html
> Please CC [vulndev@cisco.com|mailto:vulndev@cisco.com] on all correspondence related to this issue.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org