What is the severity of CVE-2020-15087?

CVE-2020-15087 has a CVSS v3 score of 8.8, which is classified as High severity.

Is there an exploit available for CVE-2020-15087?

No known public exploits are currently available for CVE-2020-15087.

Is there a patch available for CVE-2020-15087?

Yes, patches are available for CVE-2020-15087. Check the vendor advisories for update instructions.

CVE-2020-15087 - CVE Details, Severity, and Analysis

Q: What is CVE-2020-15087?

### Affected This affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. ### Impact Authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. ### Patches This issue has been fixed starting with PrestoSQL version 337. ### Workarounds This issue can be mitigated by blocking network access to internal APIs on the coordinator and workers. ### References See the Presto documentation for [Secure Internal Communication](https://trino.io/docs/current/security/internal-communication.html). ### For more information If you have any questions or comments about this advisory: * Join the **#security** channel on [Slack](https://trino.io/slack.html). * Contact the security team at [security@trino.io](mailto:security@trino.io)

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

CVE-2020-15087 - CVE Details, Severity, and Analysis | Strobes VI

Severity Scores

CVSS v38.8

CVSS v26.5

Priority Score587.0

EPSS Score0.0

High

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

8.8

CVSS

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Affected

This affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver.

Impact

Authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured.

This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure.

Patches

This issue has been fixed starting with PrestoSQL version 337.

Workarounds

This issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.

References

See the Presto documentation for Secure Internal Communication.

For more information

If you have any questions or comments about this advisory:

Join the #security channel on Slack.
Contact the security team at [email protected]

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Local

User Interaction:Network

Scope:Unchanged

Confidentiality:High

Integrity:High

Availability:High

Patch References

Security [email protected]

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Prestosql	Presto