Updated Sun, 25 Sep 2022 13:01:50 GMT

Which versions of DataStax Enterprise have the fix for CVE-2020-13946?


Early versions of Apache Cassandra had a vulnerability that could potentially allow a local attacker to manipulate the RMI registry to capture credentials and gain access to the JMX interface (CVE-2020-13946).

Which versions of DataStax Enterprise have the fix for this issue?




Solution

CVE-2020-13946 has been patched in DataStax Enterprise (DSE) versions 5.1.19, 6.0.13, 6.7.10 and 6.8.3 (internal reference DSP-21264).

Upgrade to the corresponding latest DSE minor versions to mitigate the risk to your cluster. Cheers!