Lucene search
Veracode Vulnerability DatabaseVERACODE:25801HistoryJul 02, 2020 - 4:34 a.m.
Privilege Escalation
2020-07-0204:34:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
0.001 Low
EPSS
Percentile
42.8%
Presto is vulnerable to privilege escalation. During the Presto server installations with secure internal communication configured, having a direct access to internal APIs allows an authenticated user to bypass the authorization checks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| presto-server | le | 336 | |
| presto-server | le | 336 |
References
github.com/advisories/GHSA-f6pc-crhh-cp96
github.com/prestosql/presto/commit/484bb73ca278cdcdf67814953e4f3282fb1efaaa
github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96
prestosql.io/docs/current/release/release-337.html#security-changes
trino.io/docs/current/release/release-337.html#security-changes
Related
cvelist
cvelist
CVE-2020-15087 Privilege escalation in Presto
2020-06-30 16:35:15
nvd
nvd
CVE-2020-15087
2020-06-30 17:15:10
prion
prion
Authorization
2020-06-30 17:15:00
github
github
Privilege escalation in Presto
2020-06-30 16:33:23
osv
osv
CVE-2020-15087
2020-06-30 17:15:10
Privilege escalation in Presto
2020-06-30 16:33:23
cve
cve
CVE-2020-15087
2020-06-30 17:15:10