CRITICAL 9.1 CVE-2021-44521 Apache Cassandra vulnerable to Code Injection due to unsafe configuration
>= 3.0.0, < 3.0.26, >= 3.11.0, < 3.11.12, >= 4.0.0, < 4.0.2
HIGH 8.8 CVE-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
>= 4.0.16, < 4.0.17
HIGH 8.8 CVE-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
>= 3.0.0, < 3.0.31, >= 3.1.0, < 3.11.18, >= 4.0.0, < 4.0.16, >= 4.1.0, < 4.1.8, >= 5.0.0, < 5.0.3
HIGH 7.8 Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
>= 4.0.0, < 4.0.10, >= 4.1.0, < 4.1.2
HIGH 7.5 Authentication Bypass in Apache Cassandra
>= 2.1.0, < 2.1.23, >= 2.2.0, < 2.2.20, >= 3.0.0, < 3.0.24, >= 3.11.0, < 3.11.10
MEDIUM 5.9 Apache Cassandra: unrestricted deserialization of JMX authentication credentials
>= 4.0.2, < 4.0.15, >= 4.1.0, < 4.1.8, >= 5.0.0, < 5.0.3
MEDIUM 5.9 Man-in-the-middle attack in Apache Cassandra
from 0, < 2.1.22, >= 2.2.0, < 2.2.18, >= 3.0.0, < 3.0.22, >= 3.11.0, < 3.11.8
MEDIUM 5.5 Apache Cassandra has sensitive Information Leak in cqlsh
>= 4.0.0, < 4.0.20
MEDIUM 5.4 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
>= 4.0.0, < 4.0.16, >= 4.1.0, < 4.1.8, >= 5.0.0, < 5.0.3