-
Type:
Bug
-
Status: Triage Needed
-
Priority:
Normal
-
Resolution: Unresolved
-
Fix Version/s: None
-
Component/s: Feature/Authorization
-
Labels:
-
Bug Category:Security - Privilege Escalation
-
Discovered By:Unit Test
-
Platform:All
-
Impacts:Security
-
Since Version:
Version 2.3.5 of the Caffeine cache that we're using in various places can hand out stale entries in some cases. This seem to happen when an update fails repeatedly, in which case Caffeine may return a previously loaded value. For instance, the AuthCache may hand out permissions even though the reload operation is failing, see CASSANDRA-15041.
- is related to
-
CASSANDRA-15041 UncheckedExecutionException if authentication/authorization query fails
-
- Resolved
-