CVE-2020-17533

HIGH

Apache Accumulo <2.0.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-17533. PoCs published by pazeray.

AI-analyzed exploit summary This repository contains a writeup describing CVE-2020-17533, an RCE vulnerability in Apache Struts2 due to improper handling of OGNL expressions. The document outlines the vulnerability, affected versions, and mitigation steps but does not include exploit code.

Description

Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.

Exploits (1)

nomisec WRITEUP

by pazeray · poc

https://github.com/pazeray/CVE-2020-17533

View Code ZIP pw:eip

This repository contains a writeup describing CVE-2020-17533, an RCE vulnerability in Apache Struts2 due to improper handling of OGNL expressions. The document outlines the vulnerability, affected versions, and mitigation steps but does not include exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Apache Struts 2.0.0 - 2.5.25

No auth needed

Prerequisites: Target application using %{...} syntax in OGNL expressions

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List x_refsource_misc

https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed%40%3Cuser.accumulo.apache.org%3E

Vendor Advisory mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/rf8c1a787b6951d3dacb9ec58f0bf1633790c91f54ff10c6f8ff9d8ed%40%3Cannounce.apache.org%3E

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/12/29/1

Scores

CVSS v3 8.1

EPSS 0.0365

EPSS Percentile 88.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE

CWE-252

Status published

Products (3)

apache/accumulo 2.0.0

apache/accumulo 1.5.0 - 1.10.0

org.apache.accumulo/accumulo-master 1.5.0 - 1.10.1Maven

Published Dec 29, 2020

Tracked Since Feb 18, 2026