Description
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
http://www.openwall.com/lists/oss-security/2016/01/28/12
http://www.securityfocus.com/archive/1/537549/100/0/threaded
Related Vulnerabilities
CVE-2013-2067 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2018-1999045 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2013-3060 Vulnerability in maven package org.apache.activemq:activemq-core
CVE-2017-12610 Vulnerability in maven package org.apache.kafka:kafka_2.11
CVE-2023-38691 Vulnerability in npm package matrix-appservice-bridge