Vulnerability Description
Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Accumulo | >= 1.5.0, <= 1.10.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/12/29/1Mailing ListThird Party Advisory
- https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54fVendor Advisory
- https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54fMailing List
- http://www.openwall.com/lists/oss-security/2020/12/29/1Mailing ListThird Party Advisory
- https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54fVendor Advisory
- https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54fMailing List
FAQ
What is CVE-2020-17533?
CVE-2020-17533 is a vulnerability with a CVSS score of 8.1 (HIGH). Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain a...
How severe is CVE-2020-17533?
CVE-2020-17533 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-17533?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Accumulo.