Platform
java
Component
org.apache.accumulo:accumulo-master
Fixed in
2.0.1
Apache Accumulo*
1.10.1
CVE-2020-17533 is an improper permission check in Apache Accumulo: the server-side policy functions 'canFlush' and 'canPerformSystemActions' are called, but in some code paths their boolean result is never examined, so an authenticated user without the corresponding permission can still trigger the privileged operation. The flaw affects versions 1.5.0 through 1.10.0 and 2.0.0 and is fixed in 1.10.1 and 2.0.1.
CVE-2020-17533 in Apache Accumulo affects versions 1.5.0 through 1.10.0 and 2.0.0. The cause is inadequate validation of the return values of certain policy-enforcement functions: in some instances the result of the 'canFlush' and 'canPerformSystemActions' security checks is discarded, so an authenticated user with insufficient permissions can perform administrative actions such as flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide configuration properties. The impact is to integrity and availability (unauthorized state changes and service disruption); the flaw does not by itself disclose table data.
Any principal who can authenticate to a vulnerable Accumulo instance can exploit this, including a user with no table or system permissions at all. No configuration tampering or policy manipulation is required: the attacker simply issues the ordinary client request (for example a table flush or a shutdown) through the normal API, and the server runs the permission check but ignores its answer and performs the action anyway. Exploitation is therefore straightforward; the only precondition is valid credentials, which makes weakly protected or shared accounts the realistic entry point.
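The bug class is easier to see in code than in prose. The following Python model is an added illustration, not Accumulo's Java source: the class and method names (SecurityOperation, MasterService, PermissionDenied) and the constructed principals 'root' and 'reader' are assumptions chosen to mirror the roles the advisory describes. The vulnerable handlers call the permission check and drop its boolean; the fixed handlers refuse unless it returns True.

```python
"""Python model of the CVE-2020-17533 bug class: the server calls its
permission check but never looks at the boolean it returns. Illustrative
code, not Accumulo's Java; class and method names are assumed."""
from __future__ import annotations

from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Stands in for Accumulo's ThriftSecurityException(PERMISSION_DENIED)."""


@dataclass
class SecurityOperation:
    """Toy policy layer. In Accumulo these answers come from granted
    TablePermission / SystemPermission bits; here they are plain lookups."""
    flush_grants: dict[str, set[str]]   # principal -> table ids it may flush
    system_admins: set[str]             # principals allowed system actions

    def can_flush(self, principal: str, table_id: str) -> bool:
        return table_id in self.flush_grants.get(principal, set())

    def can_perform_system_actions(self, principal: str) -> bool:
        return principal in self.system_admins


@dataclass
class MasterService:
    """Request handlers a client reaches over RPC. Each action exists in a
    vulnerable and a fixed form so the two can be exercised side by side."""
    security: SecurityOperation
    flushed: list[str] = field(default_factory=list)
    running: bool = True

    # Vulnerable pattern: the check is evaluated, its result is dropped,
    # and the privileged action runs regardless.
    def flush_table_vulnerable(self, principal: str, table_id: str) -> None:
        self.security.can_flush(principal, table_id)          # result ignored
        self.flushed.append(table_id)

    def shutdown_vulnerable(self, principal: str) -> None:
        self.security.can_perform_system_actions(principal)   # result ignored
        self.running = False

    # Fixed pattern: the handler refuses unless the check returns True.
    def flush_table_fixed(self, principal: str, table_id: str) -> None:
        if not self.security.can_flush(principal, table_id):
            raise PermissionDenied(f"{principal} may not flush table {table_id}")
        self.flushed.append(table_id)

    def shutdown_fixed(self, principal: str) -> None:
        if not self.security.can_perform_system_actions(principal):
            raise PermissionDenied(f"{principal} may not perform system actions")
        self.running = False


def new_service() -> MasterService:
    """Constructed fixture: 'root' may do everything, 'reader' has no grants."""
    return MasterService(SecurityOperation(
        flush_grants={"root": {"t1"}},
        system_admins={"root"},
    ))


def attack(variant: str) -> tuple[list[str], bool]:
    """Replays the low-privilege principal 'reader' against one variant
    ('vulnerable' or 'fixed') and returns (tables flushed, still running)."""
    svc = new_service()
    flush = getattr(svc, f"flush_table_{variant}")
    shutdown = getattr(svc, f"shutdown_{variant}")
    for action, args in ((flush, ("reader", "t1")), (shutdown, ("reader",))):
        try:
            action(*args)
        except PermissionDenied:
            pass   # the fixed handlers land here; the vulnerable ones never raise
    return svc.flushed, svc.running


if __name__ == "__main__":
    print("vulnerable:", attack("vulnerable"))   # (['t1'], False)
    print("fixed:     ", attack("fixed"))        # ([], True)
```

The point of the side-by-side form is that the vulnerable handler does perform the check, so an audit that only looks for the presence of a `can*` call will not find the bug; what has to be reviewed is whether every call's result reaches a branch that can refuse the request.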
Exploit status
EPSS
5.31% (90th percentile)
CVSS vector
The primary mitigation for CVE-2020-17533 is to upgrade Apache Accumulo to 1.10.1 or later on the 1.x line, or to 2.0.1 or later on the 2.x line. These releases correct the flaw by acting on the return values of the 'canFlush' and 'canPerformSystemActions' functions instead of discarding them. Until the upgrade is in place, reduce exposure by limiting who can authenticate to the cluster at all: the flaw is reachable by any authenticated user regardless of granted permissions, so tightening Accumulo permission grants alone does not close it. Review the set of Accumulo accounts, rotate shared or weak credentials, and monitor the master and tablet server logs for table flushes, shutdown requests, and system configuration changes issued by principals that should not hold those rights.
Upgrade Apache Accumulo to version 1.10.1 or later, or to version 2.0.1 or later. This corrects the faulty permission validation that lets authenticated users perform administrative actions without the required permissions.
Versions 1.5.0 through 1.10.0 and 2.0.0 are affected by CVE-2020-17533.
Check the version of Accumulo you are running (and the org.apache.accumulo artifact versions your build pulls in). Any version from 1.5.0 up to and including 1.10.0, and version 2.0.0, is vulnerable; 1.10.1 and 2.0.1 are the first fixed releases on their respective lines.
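A practical way to apply the version check above is to evaluate both a bare version string and the Accumulo dependencies declared in a Maven pom.xml, since the component on this page is identified by its Maven coordinates. The script below is an added example, not tooling from the page or from the Accumulo project; the pom.xml content is constructed for illustration, and the affected ranges are taken from the advisory text above.

```python
"""Check Apache Accumulo version strings and pom.xml dependencies against the
CVE-2020-17533 affected ranges (1.5.0 through 1.10.0, and 2.0.0).
Added example; the sample pom.xml is constructed, not taken from a real build."""
import re
import xml.etree.ElementTree as ET

# Inclusive (low, high) triples per the advisory; fixed in 1.10.1 and 2.0.1.
AFFECTED_RANGES = (((1, 5, 0), (1, 10, 0)), ((2, 0, 0), (2, 0, 0)))
FIXED_VERSIONS = {1: "1.10.1", 2: "2.0.1"}
ACCUMULO_GROUP = "org.apache.accumulo"


def parse_version(version: str) -> tuple:
    """Reduce '1.10.0', '1.10.0-SNAPSHOT' or '2.0.0-alpha-2' to a numeric
    triple. Qualifiers are dropped, so a pre-release is treated as its base
    version: the conservative choice for a vulnerability check."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable Accumulo version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def fix_for(version: str) -> str:
    """First fixed release on the same major line as the given version."""
    return FIXED_VERSIONS[parse_version(version)[0]]


def _local(tag: str) -> str:
    """Strip the Maven POM namespace so the scan works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def _text(elem, name: str):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def scan_pom(pom_xml: str) -> list:
    """Return (artifactId, resolved version, affected) for every dependency in
    groupId org.apache.accumulo. ${property} references are resolved from
    <properties> and ${project.version} from the project's own <version>;
    versions inherited from a parent POM cannot be resolved here and are
    reported as None so they can be checked by hand."""
    root = ET.fromstring(pom_xml)
    props = {"project.version": _text(root, "version")}
    for elem in root:
        if _local(elem.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in elem})
    findings = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency" or _text(dep, "groupId") != ACCUMULO_GROUP:
            continue
        version = _text(dep, "version")
        if version and version.startswith("${") and version.endswith("}"):
            version = props.get(version[2:-1])
        affected = is_affected(version) if version else None
        findings.append((_text(dep, "artifactId"), version, affected))
    return findings


# Constructed sample: one dependency pinned through a property to an affected
# release, one already on a fixed release, one unrelated artifact.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>ingest</artifactId>
  <version>0.1.0</version>
  <properties>
    <accumulo.version>1.10.0</accumulo.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.accumulo</groupId>
      <artifactId>accumulo-core</artifactId>
      <version>${accumulo.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.accumulo</groupId>
      <artifactId>accumulo-master</artifactId>
      <version>2.0.1</version>
    </dependency>
    <dependency>
      <groupId>org.apache.hadoop</groupId>
      <artifactId>hadoop-client</artifactId>
      <version>3.2.1</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for artifact, version, affected in scan_pom(SAMPLE_POM):
        status = "affected, upgrade to " + fix_for(version) if affected else "not affected"
        print(f"{artifact} {version}: {status}")
```

Run it against a real build by reading the pom.xml from disk and passing its contents to `scan_pom`; a `None` version in the output means the version comes from a parent or BOM and must be resolved with `mvn dependency:tree` or similar.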
'canFlush' and 'canPerformSystemActions' are server-side security functions in Accumulo that decide whether the calling principal may flush a table and may perform system-wide actions (such as shutdown or changing system configuration), respectively. Each returns a boolean; the vulnerability is that some callers never acted on that boolean.
It means this vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, a list of vulnerabilities with confirmed exploitation in the wild. Absence from KEV does not mean the flaw is harmless, only that no in-the-wild exploitation has been recorded there.
Restrict who can authenticate to the cluster, audit Accumulo accounts and credentials, and monitor for administrative actions by unprivileged principals until the upgrade is applied.