Kapil Shewate created CASSANDRA-20666:
-----------------------------------------
Summary: Cassandra 5.0.2. JCommander could allow a remote attacker
to obtain sensitive information, caused by the use of HTTP to resolve
dependencies instead of HTTPS.
Key: CASSANDRA-20666
URL: https://issues.apache.org/jira/browse/CASSANDRA-20666
Project: Apache Cassandra
Issue Type: Bug
Reporter: Kapil Shewate
*IBM X-Force ID:* 221124
*DESCRIPTION:* JCommander could allow a remote attacker to obtain sensitive
information, caused by the use of HTTP to resolve dependencies instead of
HTTPS. By sniffing the network traffic, an attacker could exploit this
vulnerability to obtain sensitive information, and use this information to
launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/221124 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)