PT-2020-14175 · Presto · Presto

Electrum

Published 2020-06-30 · Updated 2022-10-21 · CVE-2020-15087

CVSS v3.1 8.8 High
Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Presto versions prior to 337

Description

Authenticated users can bypass authorization checks by directly accessing internal APIs, that is, the endpoints the coordinator and workers use to talk to each other. This issue impacts Presto server installations with secure internal communication configured. It does not affect installations without secure internal communication, since those expose the internal APIs without any authentication in the first place and are inherently insecure. This issue only affects Presto server installations and does not affect clients such as the CLI or JDBC driver.

Recommendations

For versions prior to 337, update to version 337 or later to resolve the issue. As a temporary workaround, block network access to the internal APIs on the coordinator and workers so that only cluster nodes can reach them, and verify the block from a host where an ordinary user's credentials are valid.
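An added check to go with these recommendations (example code written here, not part of the advisory or of the Presto project): it reads the node version from the body of GET /v1/info and compares it with release 337, and it probes a couple of internal API paths as an ordinary authenticated user to confirm that the temporary workaround actually blocks them. The /v1/task and /v1/memory path prefixes, the use of the X-Presto-User header for the probe, and the sample responses are assumptions for this example; the advisory itself does not enumerate the internal endpoints, and a cluster with secure internal communication will usually need further credentials (HTTPS plus password or Kerberos) passed through the extra_headers argument.

```python
"""Check a Presto node for CVE-2020-15087 exposure (added example).

Two checks: (1) read the node version from GET /v1/info and compare it with the
first fixed release, 337; (2) probe a few internal API paths as an ordinary
authenticated user and report any that still answer 2xx, which means the
"block network access to internal APIs" workaround is not in effect.
"""
import json
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, List, Optional

FIXED_RELEASE = 337  # first release carrying the fix, per the advisory

# Internal endpoints to probe. The advisory does not enumerate them, so these
# path prefixes are an assumption for this example; adjust to your deployment.
ASSUMED_INTERNAL_PATHS = ("/v1/task", "/v1/memory")

Probe = Callable[[str], int]  # maps a request path to the HTTP status it returned


def parse_release_number(version: str) -> Optional[int]:
    """Extract the release number from a prestosql-style version string such as
    "336" or "337-SNAPSHOT". Returns None for anything else, including the
    separate prestodb "0.x" numbering, which this advisory does not cover."""
    m = re.fullmatch(r"(\d+)(?:-[\w.]+)?", version.strip())
    return int(m.group(1)) if m else None


def is_vulnerable_version(info_body: str) -> Optional[bool]:
    """Given the JSON body of GET /v1/info, return True when the node predates
    release 337, False when it is 337 or later, None when undeterminable."""
    info = json.loads(info_body)
    version = str(info.get("nodeVersion", {}).get("version", ""))
    release = parse_release_number(version)
    return None if release is None else release < FIXED_RELEASE


def exposed_internal_paths(probe: Probe,
                           paths: Iterable[str] = ASSUMED_INTERNAL_PATHS) -> List[str]:
    """Return the paths an ordinary user can still reach (any 2xx status).
    401/403 mean the request was rejected; 404 counts as blocked as well, since
    the path is not routed to the caller (for example a reverse proxy dropped it)."""
    return [path for path in paths if 200 <= probe(path) < 300]


def http_probe(base_url: str, user: str,
               extra_headers: Optional[Dict[str, str]] = None) -> Probe:
    """Build a probe that issues GET requests as an ordinary Presto user via the
    X-Presto-User header (plus any extra headers, e.g. Authorization) and
    returns the HTTP status code, including error statuses."""
    headers = {"X-Presto-User": user}
    headers.update(extra_headers or {})

    def probe(path: str) -> int:
        req = urllib.request.Request(base_url.rstrip("/") + path, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code
    return probe


def table_probe(statuses: Dict[str, int]) -> Probe:
    """Offline stand-in for http_probe: answers from a constructed status table,
    treating unknown paths as 404."""
    return lambda path: statuses.get(path, 404)


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real cluster.
    sample_info = json.dumps({"nodeVersion": {"version": "336"}, "coordinator": True})
    print("vulnerable version:", is_vulnerable_version(sample_info))  # True
    sample_statuses = {"/v1/task": 200, "/v1/memory": 403}
    print("still exposed:", exposed_internal_paths(table_probe(sample_statuses)))  # ['/v1/task']
```

Against a live cluster, swap table_probe for http_probe("https://coordinator:8443", "alice", {"Authorization": "Basic ..."}) and run it from a network position an ordinary user would have; an empty list from exposed_internal_paths, or False from is_vulnerable_version, is the result you want to see.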

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

CVE-2020-15087
GHSA-F6PC-CRHH-CP96

Affected Products

Presto