WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-7521 Vulnerability in maven package org.apache.hive:hive-exec

Description

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

Remediation

References

http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E

http://www.openwall.com/lists/oss-security/2016/01/28/12

http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html

http://www.securityfocus.com/archive/1/537549/100/0/threaded

Related Vulnerabilities

CVE-2016-10525 Vulnerability in npm package hapi-auth-jwt2

CVE-2018-6873 Vulnerability in npm package auth0-js

CVE-2021-26073 Vulnerability in npm package atlassian-connect-express

CVE-2012-5633 Vulnerability in maven package org.apache.cxf:cxf-bundle

CVE-2013-2193 Vulnerability in maven package org.apache.hbase:hbase

Severity

Critical

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L