Cassandra Web 0.5.0 Remote File Read
Posted by deepcore on December 30, 2020 – 3:55 am
Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it and provide the web access, so they are also one thing that can be captured via the arbitrary file read. Version 0.5.0 is affected.
Post a reply
You must be logged in to post a comment.