cassandra: Updated Sun, 25 Sep 2022 13:01:50 GMT

Which versions of DataStax Enterprise have the fix for CVE-2020-13946?

Early versions of Apache Cassandra had a vulnerability that could potentially allow a local attacker to manipulate the RMI registry to capture credentials and gain access to the JMX interface (CVE-2020-13946).

Which versions of DataStax Enterprise have the fix for this issue?

Solution

CVE-2020-13946 has been patched in DataStax Enterprise (DSE) versions 5.1.19, 6.0.13, 6.7.10 and 6.8.3 (internal reference DSP-21264).

Upgrade to the corresponding latest DSE minor versions to mitigate the risk to your cluster. Cheers!

External Links

External links referenced by this document:

https://nvd.nist.gov/vuln/detail/CVE-2020-13946
https://www.datastax.com/products/datastax-enterprise

References

https://dba.stackexchange.com/questions/315526