漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON
Vulnerability Description
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
敏感数据的不恰当跨边界移除
Vulnerability Title
trino 安全漏洞
Vulnerability Description
trino是Trino开源的一个分布式SQL查询引擎。 Trino 439版本至480之前版本存在安全漏洞,该漏洞源于Iceberg连接器REST目录静态凭据或临时凭据对具有SQL级别写入权限的用户可访问,可能导致凭据泄露。
CVSS Information
N/A
Vulnerability Type
N/A