CVE-2020-17533

Apache Accumulo Improper Handling of Insufficient Permissions

Description

Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.

Remediation

Workaround:

Upgrade to Apache Accumulo version 1.10.1, 2.0.1, or later.

References

Link	Tags
https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed%40%3Cuser.accumulo.apache.org%3E	mailing list
https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed%40%3Cannounce.apache.org%3E	mailing list vendor advisory
http://www.openwall.com/lists/oss-security/2020/12/29/1	third party advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2020-17533?: CVE-2020-17533 has been scored as a high severity vulnerability.
How to fix CVE-2020-17533?: As a workaround for remediating CVE-2020-17533: Upgrade to Apache Accumulo version 1.10.1, 2.0.1, or later.
Is CVE-2020-17533 being actively exploited in the wild?: It is possible that CVE-2020-17533 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~5% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-17533?: CVE-2020-17533 affects Apache Software Foundation Apache Accumulo.

Description

Remediation

Category

CWE-252 – Unchecked Return Value

References

Frequently Asked Questions