CVE-2020-15087

EPSS 0.32%
Veröffentlicht 30.06.2020 17:15:10
Zuletzt bearbeitet 21.11.2024 05:04:47
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prestosql ≫ Presto Version < 337

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.543

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
security-advisories@github.com	7.4	2.8	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96

Third Party Advisory

https://trino.io/docs/current/release/release-337.html#security-changes

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-15087

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15087

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15087

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-15087