Early versions of Apache Cassandra had a vulnerability that could potentially allow a local attacker to manipulate the RMI registry to capture credentials and gain access to the JMX interface (CVE-2020-13946).
Which versions of DataStax Enterprise have the fix for this issue?
CVE-2020-13946 has been patched in DataStax Enterprise (DSE) versions 5.1.19, 6.0.13, 6.7.10 and 6.8.3 (internal reference DSP-21264).
Upgrade to the corresponding latest DSE minor versions to mitigate the risk to your cluster. Cheers!