Lucene search
ApacheCVELIST:CVE-2020-17533HistoryDec 29, 2020 - 11:30 a.m.
CVE-2020-17533 Apache Accumulo Improper Handling of Insufficient Permissions
2020-12-2911:30:13
CWE-252
apache
www.cve.org
2
cve-2020-17533
apache accumulo
insufficient permissions
policy enforcement
administrative operations
security functions
table flushing
shutting down
configuration properties.
Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the ‘canFlush’ and ‘canPerformSystemActions’ security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.
CNA Affected
[
{
"product": "Apache Accumulo",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Accumulo 2.0.0"
},
{
"lessThan": "Apache Accumulo*",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2020-17533
2020-12-29 12:15:12
Improper privilege handling in Apache Accumulo
2022-02-09 22:37:59
github
github
Improper privilege handling in Apache Accumulo
2022-02-09 22:37:59
prion
prion
Code injection
2020-12-29 12:15:00
nvd
nvd
CVE-2020-17533
2020-12-29 12:15:12
cve
cve
CVE-2020-17533
2020-12-29 12:15:12
veracode
veracode
Authorization Bypass
2020-12-30 01:49:00