GHSA-F6PC-CRHH-CP96

Vulnerability from github – Published: 2020-06-30 16:33 – Updated: 2022-10-22 00:58
VLAI?
Summary
Privilege escalation in Presto
Details

Affected

This affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver.

Impact

Authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured.

This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure.

Patches

This issue has been fixed starting with PrestoSQL version 337.

Workarounds

This issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.

References

See the Presto documentation for Secure Internal Communication.

For more information

If you have any questions or comments about this advisory: * Join the #security channel on Slack. * Contact the security team at security@trino.io

Severity ?
7.4 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.prestosql:presto-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "337"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-15087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-30T16:33:11Z",
    "nvd_published_at": "2020-06-30T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Affected\nThis affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver.\n\n### Impact\nAuthenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured.\n\nThis does not affect installations that have not configured secure internal communication, as these installations are inherently insecure.\n\n### Patches\nThis issue has been fixed starting with PrestoSQL version 337.\n\n### Workarounds\nThis issue can be mitigated by blocking network access to internal APIs on the coordinator and workers. \n\n### References\nSee the Presto documentation for [Secure Internal Communication](https://trino.io/docs/current/security/internal-communication.html).\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Join the **#security** channel on [Slack](https://trino.io/slack.html).\n* Contact the security team at [security@trino.io](mailto:security@trino.io)",
  "id": "GHSA-f6pc-crhh-cp96",
  "modified": "2022-10-22T00:58:08Z",
  "published": "2020-06-30T16:33:23Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trinodb/trino/security/advisories/GHSA-f6pc-crhh-cp96"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15087"
    },
    {
      "type": "WEB",
      "url": "https://prestosql.io/docs/current/release/release-337.html#security-changes"
    },
    {
      "type": "WEB",
      "url": "https://trino.io/docs/current/release/release-337.html#security-changes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Privilege escalation in Presto"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.