{"id":"CVE-2020-17516","details":"Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.","aliases":["BIT-cassandra-2020-17516","GHSA-2vxm-vp4c-fjfw"],"modified":"2026-05-18T16:31:03.063543Z","published":"2021-02-03T17:15:13.123Z","related":["SUSE-SU-2021:1962-1","SUSE-SU-2021:2554-1"],"references":[{"type":"WEB","url":"http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D%40apache.org%3e"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9%40%3Ccommits.cassandra.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4%40%3Ccommits.cassandra.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8%40%3Ccommits.cassandra.apache.org%3E"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210521-0002/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/cassandra","events":[{"introduced":"e06c1e8381525363e90ccf694275361e2958647a"},{"last_affected":"94e9149c22f6a7772c0015e1b1ef2e2961155c0a"},{"introduced":"437bb9de77f54aa5a4a6a634ab3d2c753a17b3fc"},{"last_affected":"0d9462efc2cbf2a61a67ae4f6786086bb30272ef"},{"introduced":"96f407bce56b98cd824d18e32ee012dbb99a0286"},{"last_affected":"31530ff5ac6bd3bacd4b378573a2d191bdab8cd7"},{"introduced":"88dee7e9d515ad94ecf8f2309f1e6138ec79e1a2"},{"last_affected":"5ef75dd96cb693e4041e9ecb61a6852276f0eca4"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"2.1.0"},{"last_affected":"2.1.22"},{"introduced":"2.2.0"},{"last_affected":"2.2.19"},{"introduced":"3.0.0"},{"last_affected":"3.0.23"},{"introduced":"3.11.0"},{"last_affected":"3.11.9"}]}}],"versions":["cassandra-2.2.19","cassandra-3.11.9","cassandra-3.0.23","cassandra-3.11.8","cassandra-3.0.22","cassandra-2.2.18","cassandra-2.2.17","cassandra-3.0.21","cassandra-3.11.6","cassandra-3.0.20","cassandra-2.2.16","cassandra-3.11.5","cassandra-3.0.19","cassandra-2.2.15","cassandra-2.2.14","cassandra-3.11.4","cassandra-3.0.18","cassandra-2.2.13","cassandra-3.11.3","cassandra-3.0.17","cassandra-3.11.2","cassandra-3.0.16","cassandra-2.2.12","cassandra-2.2.11","cassandra-3.11.1","cassandra-3.0.15","cassandra-2.2.10","cassandra-3.11.0","cassandra-3.0.14","cassandra-3.0.13","cassandra-3.0.12","cassandra-3.0.11","cassandra-2.2.9","cassandra-3.0.10","cassandra-2.2.8","cassandra-3.0.9","cassandra-3.0.7","cassandra-3.0.6","cassandra-2.2.6","cassandra-3.0.5","cassandra-3.0.4","cassandra-3.0.3","cassandra-2.2.5","cassandra-3.0.1","cassandra-2.2.4","cassandra-3.0.0","cassandra-2.2.3","cassandra-2.2.2","cassandra-2.2.1","cassandra-2.2.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-17516.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}