Privilege Escalation Vulnerability in Instaclustr's Cassandra-Lucene-Index Plugin
CVE-2025-26511

8.8HIGH

Key Information:

Vendor: Netapp
Status: Instaclustr Fork Of Stratio's Cassandra-lucene-index Plugin
Vendor: CVE Published:; 13 February 2025

Summary

Authenticated users of systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin are at risk of privilege escalation due to a vulnerability that allows them to remotely bypass Role-Based Access Control (RBAC). This issue affects specific versions of the plugin when installed with Apache Cassandra version 4.x, potentially exposing sensitive data and compromising system integrity.

Affected Version(s)

Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin 4.0-rc1-1.0.0 <= 4.0.16-1.0.0

Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin 4.1.2-1.0.0 <= 4.1.8-1.0.0

References

https://github.com/instaclustr/cassandra-lucene-index/sec...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Feb 11, 2025