Nessus 143421 Vulnerability

Hello Scylla Community,

I have a finding on my Scylla servers which is actually related to Apache Cassandra. It seems the scanner is seeing some code from Apache Cassandra that Scylla uses. Per Tenable, the finding is valid as Scylla is using the same vulnerable code as Apache Cassandra.
We are using the free version, so we cannot log a ticket for help.
As of a few months ago, we were on the latest version of ScyllaDB.

Can anyone confirm if they have this false finding as well and if so, what steps did you take to resolve?
Does the newest version fix this, anyone know?

Hi @chroneh

In which Scylla version did you see this vulnerability?

The version we are running is 4.4.1.

@chroneh Thanks,

This release has been EOL for a long time now; we have had many changes and updates since then, including vulnerability fixes.
I recommend checking our latest release, which is 5.4.0 - https://www.scylladb.com/download/#open-source

Thanks
Yaron
