Vulnerability Information
Vulnerability Title
Privilege escalation in Presto
Vulnerability Description
In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
Improper Authorization
Vulnerability Title
Presto security vulnerability
Vulnerability Description
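Presto is a distributed SQL query engine for big data from the Presto Software Foundation. A security vulnerability exists in Presto versions before 337. An attacker can exploit this vulnerability to bypass authorization checks by accessing internal APIs.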
CVSS Information
N/A
Vulnerability Type
N/A