CVE-2020-15087 - OpenCVE

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Prestosql	Presto

Configuration 1 [-]

cpe:2.3:a:prestosql:presto:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96
https://trino.io/docs/current/release/release-337.html#security-changes

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-06-30T16:35:15

Updated: 2024-08-04T13:08:21.726Z

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15087

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-06-30T17:15:10.877

Modified: 2022-10-21T18:01:15.083

Link: CVE-2020-15087

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Presto", "vendor": "prestosql", "versions": [{"status": "affected", "version": "< 337"}]}], "descriptions": [{"lang": "en", "value": "In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-08T16:37:17", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96"}, {"tags": ["x_refsource_MISC"], "url": "https://trino.io/docs/current/release/release-337.html#security-changes"}], "source": {"advisory": "GHSA-f6pc-crhh-cp96", "discovery": "UNKNOWN"}, "title": "Privilege escalation in Presto", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15087", "STATE": "PUBLIC", "TITLE": "Privilege escalation in Presto"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Presto", "version": {"version_data": [{"version_value": "< 337"}]}}]}, "vendor_name": "prestosql"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96", "refsource": "CONFIRM", "url": "https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96"}, {"name": "https://trino.io/docs/current/release/release-337.html#security-changes", "refsource": "MISC", "url": "https://trino.io/docs/current/release/release-337.html#security-changes"}]}, "source": {"advisory": "GHSA-f6pc-crhh-cp96", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:21.726Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://trino.io/docs/current/release/release-337.html#security-changes"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15087", "datePublished": "2020-06-30T16:35:15", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:21.726Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:prestosql:presto:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E70E23C-0925-427B-98AF-F86E379B63C9", "versionEndExcluding": "337", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers."}, {"lang": "es", "value": "En Presto versiones anteriores a 337, los usuarios autenticados pueden omitir las comprobaciones de autorizaci\u00f3n al acceder directamente a las API internas. Esto afecta las instalaciones del servidor Presto con una comunicaci\u00f3n interna segura configurada. Esto no afecta a las instalaciones que no han configurado una comunicaci\u00f3n interna segura, ya que estas instalaciones son no seguras inherentemente. Esto solo afecta a las instalaciones del servidor Presto. Esto NO afecta a clientes como la CLI o el controlador JDBC. Esta vulnerabilidad se ha corregido en la versi\u00f3n 337. Adem\u00e1s, este problema puede ser mitigado bloqueando el acceso de red a las API internas en el coordinador y trabajadores"}], "id": "CVE-2020-15087", "lastModified": "2022-10-21T18:01:15.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-06-30T17:15:10.877", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://trino.io/docs/current/release/release-337.html#security-changes"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "security-advisories@github.com", "type": "Secondary"}]}