Lucene search
ApacheCVELIST:CVE-2020-17533HistoryDec 29, 2020 - 11:30 a.m.
CVE-2020-17533 Apache Accumulo Improper Handling of Insufficient Permissions
2020-12-2911:30:13
CWE-252
apache
www.cve.org
Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the ‘canFlush’ and ‘canPerformSystemActions’ security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.
CNA Affected
[
{
"product": "Apache Accumulo",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Accumulo 2.0.0"
},
{
"lessThan": "Apache Accumulo*",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2020-17533
2020-12-29 12:15:12
Improper privilege handling in Apache Accumulo
2022-02-09 22:37:59
github
github
Improper privilege handling in Apache Accumulo
2022-02-09 22:37:59
prion
prion
Code injection
2020-12-29 12:15:00
veracode
veracode
Authorization Bypass
2020-12-30 01:49:00
nvd
nvd
CVE-2020-17533
2020-12-29 12:15:12
cve
cve
CVE-2020-17533
2020-12-29 12:15:12
githubexploit
githubexploit