Description
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
http://www.openwall.com/lists/oss-security/2016/01/28/12
http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
http://www.securityfocus.com/archive/1/537549/100/0/threaded
Related Vulnerabilities
CVE-2011-1411 Vulnerability in maven package org.opensaml:opensaml
CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-server-spi-private
CVE-2013-0239 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security
CVE-2022-39231 Vulnerability in npm package parse-server
CVE-2014-0074 Vulnerability in maven package org.apache.shiro:shiro-core