[
https://issues.apache.org/jira/browse/CASSANDRA-20666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17953153#comment-17953153
]
Chris Lohfink commented on CASSANDRA-20666:
-------------------------------------------
JCommander isn't used by Cassandra; it's used by sjk, which you can run with
nodetool.
> Cassandra 5.0.2. JCommander could allow a remote attacker to obtain sensitive
> information, caused by the use of HTTP to resolve dependencies instead of
> HTTPS.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-20666
> URL: https://issues.apache.org/jira/browse/CASSANDRA-20666
> Project: Apache Cassandra
> Issue Type: Bug
> Reporter: Kapil Shewate
> Priority: Normal
>
> *IBM X-Force ID:* 221124
> *DESCRIPTION:* JCommander could allow a remote attacker to obtain sensitive
> information, caused by the use of HTTP to resolve dependencies instead of
> HTTPS. By sniffing the network traffic, an attacker could exploit this
> vulnerability to obtain sensitive information, and use this information to
> launch further attacks against the affected system.
> CVSS Base score: 5.9
> CVSS Temporal Score: See:
> https://exchange.xforce.ibmcloud.com/vulnerabilities/221124 for the current
> score.
> CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)