[ 
https://issues.apache.org/jira/browse/CASSANDRA-18922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17777490#comment-17777490
 ] 

Jai Bheemsen Rao Dhanwada commented on CASSANDRA-18922:
-------------------------------------------------------

Thanks [~brandon.williams], can you provide some more details as to why only 5.0 
is impacted?

Reading through the comments, it looks like we need to set the hostname 
verification by default. Is this derived from the `server_encryption_option`: 
`require_endpoint_verification`?

> cassandra-driver-core-3.11.5 vulnerability: CVE-2023-4586
> ---------------------------------------------------------
>
>                 Key: CASSANDRA-18922
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-18922
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Brandon Williams
>            Assignee: Brandon Williams
>            Priority: Normal
>             Fix For: 5.0.x, 5.x
>
>
> This is failing OWASP: https://nvd.nist.gov/vuln/detail/CVE-2023-4586
> but appears to be a false positive.


