CVE-2020-15087 - OpenCVE

In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Prestosql	Presto

Configuration 1 [-]

cpe:2.3:a:prestosql:presto:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96	Third Party Advisory
https://trino.io/docs/current/release/release-337.html#security-changes	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-06-30T16:35:15

Updated: 2021-04-08T16:37:17

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15087

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-30T17:15:10.877

Modified: 2022-10-21T18:01:15.083

Link: CVE-2020-15087

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Presto", "vendor": "prestosql", "versions": [{"status": "affected", "version": "< 337"}]}], "descriptions": [{"lang": "en", "value": "In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-08T16:37:17", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96"}, {"tags": ["x_refsource_MISC"], "url": "https://trino.io/docs/current/release/release-337.html#security-changes"}], "source": {"advisory": "GHSA-f6pc-crhh-cp96", "discovery": "UNKNOWN"}, "title": "Privilege escalation in Presto", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15087", "STATE": "PUBLIC", "TITLE": "Privilege escalation in Presto"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Presto", "version": {"version_data": [{"version_value": "< 337"}]}}]}, "vendor_name": "prestosql"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-285 Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96", "refsource": "CONFIRM", "url": "https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96"}, {"name": "https://trino.io/docs/current/release/release-337.html#security-changes", "refsource": "MISC", "url": "https://trino.io/docs/current/release/release-337.html#security-changes"}]}, "source": {"advisory": "GHSA-f6pc-crhh-cp96", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15087", "datePublished": "2020-06-30T16:35:15", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2021-04-08T16:37:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:prestosql:presto:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E70E23C-0925-427B-98AF-F86E379B63C9", "versionEndExcluding": "337", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers."}, {"lang": "es", "value": "En Presto versiones anteriores a 337, los usuarios autenticados pueden omitir las comprobaciones de autorizaci\u00f3n al acceder directamente a las API internas. Esto afecta las instalaciones del servidor Presto con una comunicaci\u00f3n interna segura configurada. Esto no afecta a las instalaciones que no han configurado una comunicaci\u00f3n interna segura, ya que estas instalaciones son no seguras inherentemente. Esto solo afecta a las instalaciones del servidor Presto. Esto NO afecta a clientes como la CLI o el controlador JDBC. Esta vulnerabilidad se ha corregido en la versi\u00f3n 337. Adem\u00e1s, este problema puede ser mitigado bloqueando el acceso de red a las API internas en el coordinador y trabajadores"}], "id": "CVE-2020-15087", "lastModified": "2022-10-21T18:01:15.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-06-30T17:15:10.877", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://trino.io/docs/current/release/release-337.html#security-changes"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "security-advisories@github.com", "type": "Secondary"}]}