Presto is vulnerable to privilege escalation. During the Presto server installations with secure internal communication configured, having a direct access to internal APIs allows an authenticated user to bypass the authorization checks.
CPE | Name | Operator | Version |
---|---|---|---|
presto-server | le | 336 | |
presto-server | le | 336 |
github.com/advisories/GHSA-f6pc-crhh-cp96
github.com/prestosql/presto/commit/484bb73ca278cdcdf67814953e4f3282fb1efaaa
github.com/prestosql/presto/security/advisories/GHSA-f6pc-crhh-cp96
prestosql.io/docs/current/release/release-337.html#security-changes
trino.io/docs/current/release/release-337.html#security-changes