PT-2022-2317 · Apache · Apache Cassandra

Omer Kaspi

·

Published

2022-02-11

·

Updated

2024-03-06

·

CVE-2021-44521

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Apache Cassandra 3.0.x versions prior to 3.0.26
Apache Cassandra 3.11.x versions prior to 3.11.12
Apache Cassandra 4.0.x versions prior to 4.0.2
Description

The vulnerability stems from improper control of code generation (code injection) in Apache Cassandra's user-defined functions (UDFs) and allows an attacker who can create UDFs to execute arbitrary code on the host. Exploitation requires a specific, non-default configuration in which scripted UDFs are enabled; the attacker then uses the Nashorn JavaScript engine to escape the UDF sandbox and run untrusted code. The configuration that makes Cassandra vulnerable is the following combination of parameters in cassandra.yaml: enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, and enable_user_defined_functions_threads: false. When enable_user_defined_functions_threads is set to false, every invoked UDF executes on the Cassandra daemon's own threads, which run under a security manager that still grants some permissions; this allows the attacker to disable the security manager, escape the sandbox, and run arbitrary shell commands on the server. The PR:H component of the CVSS vector reflects that the attacker must already hold the privilege to create functions, and S:C reflects that the impact crosses from the database into the underlying host.
Recommendations

For Apache Cassandra 3.0.x prior to 3.0.26, update to version 3.0.26 or later.
For Apache Cassandra 3.11.x prior to 3.11.12, update to version 3.11.12 or later.
For Apache Cassandra 4.0.x prior to 4.0.2, update to version 4.0.2 or later.

As a temporary workaround, set enable_user_defined_functions and enable_scripted_user_defined_functions to false in cassandra.yaml to remove the attack surface. If UDFs must remain enabled, make sure enable_user_defined_functions_threads is left at its default value of true, since the vulnerable combination requires it to be false. Restrict access to cassandra.yaml so that the vulnerable configuration cannot be introduced, and review which database roles are allowed to create functions, since the attack requires that privilege.
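The vulnerable combination from the description and the workaround from the recommendations, as an added example that is not part of this advisory or of the Cassandra project: a small Python audit script that resolves the three UDF keys of a cassandra.yaml, flags the exploitable combination, checks a version string against the fixed releases listed above, and rewrites the file with the workaround applied. The sample configuration is constructed for illustration. The parser handles only top-level key: value lines (an assumption that holds for the stock cassandra.yaml, where all three keys are top-level), and the values assumed for absent keys are the shipped defaults (UDFs and scripted UDFs off, UDF threads on).

```python
"""Audit cassandra.yaml for the CVE-2021-44521 UDF configuration.

Added example, not part of this advisory or of the Cassandra project. Only
top-level ``key: value`` lines are parsed (no PyYAML needed); the three keys
involved are top-level in the stock file. The sample below is constructed.
"""
import re

# The combination the advisory describes as exploitable.
VULNERABLE_SETTINGS = {
    "enable_user_defined_functions": True,
    "enable_scripted_user_defined_functions": True,
    "enable_user_defined_functions_threads": False,
}
# Values assumed for absent keys (assumption: the shipped defaults).
DEFAULTS = {
    "enable_user_defined_functions": False,
    "enable_scripted_user_defined_functions": False,
    "enable_user_defined_functions_threads": True,
}
# First fixed release per branch, as listed in the advisory.
FIXED_VERSIONS = {(3, 0): (3, 0, 26), (3, 11): (3, 11, 12), (4, 0): (4, 0, 2)}
# Keys the advisory's temporary workaround switches off.
WORKAROUND_KEYS = ("enable_user_defined_functions",
                   "enable_scripted_user_defined_functions")
_KV = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:\s*([^#]*?)\s*(?:#.*)?$")


def _top_level_match(line):
    """Match a top-level scalar entry; comments, nested lines and list items give None."""
    if not line or line[0] in " \t#-":
        return None
    return _KV.match(line)


def parse_top_level(text):
    """Return {key: raw_value} for every top-level scalar entry in the file."""
    settings = {}
    for line in text.splitlines():
        m = _top_level_match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def as_bool(raw, default):
    """Interpret a YAML-style boolean; missing or unrecognised values fall back to default."""
    if raw is None:
        return default
    value = raw.strip().strip("'\"").lower()
    if value in ("true", "yes", "on"):
        return True
    if value in ("false", "no", "off"):
        return False
    return default


def effective_udf_settings(text):
    """Resolve the three UDF keys, applying the defaults for anything not set."""
    raw = parse_top_level(text)
    return {k: as_bool(raw.get(k), DEFAULTS[k]) for k in VULNERABLE_SETTINGS}


def has_vulnerable_udf_config(text):
    """True only when all three keys form the exploitable combination."""
    return effective_udf_settings(text) == VULNERABLE_SETTINGS


def is_affected_version(version):
    """True if on a listed branch and older than its fix; None for other branches."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    fixed = FIXED_VERSIONS.get(parts[:2])
    return None if fixed is None else parts < fixed


def apply_workaround(text):
    """Return the config with the advisory's workaround applied (UDFs disabled)."""
    out, seen = [], set()
    for line in text.splitlines():
        m = _top_level_match(line)
        if m and m.group(1) in WORKAROUND_KEYS:
            out.append(f"{m.group(1)}: false")
            seen.add(m.group(1))
        else:
            out.append(line)
    out.extend(f"{k}: false" for k in WORKAROUND_KEYS if k not in seen)
    return "\n".join(out) + "\n"


# Constructed sample showing the exploitable combination from the description.
SAMPLE_VULNERABLE_YAML = """\
cluster_name: 'Test Cluster'
enable_user_defined_functions: true            # UDFs on
enable_scripted_user_defined_functions: true   # JavaScript (Nashorn) UDFs on
enable_user_defined_functions_threads: false   # UDFs run inside the daemon
seed_provider:
    - class_name: org.apache.cassandra.locator.SimpleSeedProvider
"""

if __name__ == "__main__":
    print("vulnerable config:", has_vulnerable_udf_config(SAMPLE_VULNERABLE_YAML))
    print("3.11.10 affected:", is_affected_version("3.11.10"))
    print(apply_workaround(SAMPLE_VULNERABLE_YAML), end="")
```

To audit a real node, pass the file contents to has_vulnerable_udf_config (for example, open("/etc/cassandra/cassandra.yaml").read()) and the output of nodetool version to is_affected_version; the version check alone is not sufficient, because a patched release is no longer exploitable even with the risky combination, and an unpatched release is only exploitable when all three keys match.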

Exploit

Fix

Weakness Enumeration

Code Injection
Incorrect Permission

Related Identifiers

BDU:2022-02507
BIT-CASSANDRA-2021-44521
CVE-2021-44521
GHSA-8FFC-79XG-29W8

Affected Products

Apache Cassandra