CVE-2020-36939

Name of the Vulnerable Software and Affected Versions Cassandra Web version 0.5.0

Description The software contains a directory traversal issue that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files, such as /etc/passwd, and retrieve Apache Cassandra database credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.