CVE-2020-15087

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-15087
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15087.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-15087
Aliases
Published
2020-06-30T17:15:10Z
Modified
2024-05-14T07:50:31.073574Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.

References

Affected packages

Git / github.com/prestosql/presto

Affected ranges

Type
GIT
Repo
https://github.com/prestosql/presto
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1
0.1-20130117.052245-122
0.1-20130119.065526-123
0.1-20130128.171735-124
0.10
0.100
0.101
0.102
0.103
0.104
0.105
0.106
0.107
0.108
0.109
0.11
0.110
0.111
0.112
0.113
0.114
0.115
0.116
0.117
0.118
0.119
0.12
0.121
0.122
0.123
0.124
0.125
0.126
0.127
0.128
0.129
0.13
0.130
0.131
0.132
0.133
0.134
0.135
0.136
0.137
0.138
0.139
0.14
0.140
0.141
0.142
0.143
0.144
0.145
0.146
0.147
0.148
0.149
0.15
0.150
0.151
0.152
0.153
0.154
0.155
0.156
0.157
0.158
0.159
0.16
0.160
0.161
0.162
0.163
0.164
0.165
0.166
0.167
0.168
0.169
0.17
0.170
0.171
0.172
0.173
0.174
0.175
0.176
0.177
0.178
0.179
0.18
0.180
0.181
0.182
0.183
0.184
0.185
0.186
0.188
0.189
0.19
0.190
0.191
0.192
0.193
0.194
0.195
0.196
0.197
0.198
0.199
0.2
0.20
0.200
0.201
0.202
0.203
0.204
0.205
0.206
0.207
0.208
0.209
0.21
0.210
0.211
0.212
0.213
0.214
0.215
0.22
0.23
0.24
0.25
0.26
0.27
0.28
0.29
0.3
0.30
0.31
0.32
0.33
0.34
0.35
0.36
0.37
0.38
0.39
0.4
0.40
0.41
0.42
0.43
0.44
0.45
0.46
0.47
0.48
0.49
0.5
0.50
0.51
0.52
0.53
0.54
0.55
0.56
0.57
0.58
0.59
0.6
0.60
0.61
0.62
0.63
0.64
0.65
0.66
0.67
0.68
0.69
0.7
0.70
0.71
0.72
0.73
0.74
0.75
0.76
0.77
0.78
0.79
0.8
0.80
0.81
0.82
0.83
0.84
0.85
0.86
0.87
0.88
0.89
0.9
0.90
0.91
0.92
0.93
0.94
0.95
0.96
0.97
0.98
0.99

Other

300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
facebook-last
prestosql-first