Description
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
http://www.openwall.com/lists/oss-security/2016/01/28/12
http://www.securityfocus.com/archive/1/537549/100/0/threaded
Related Vulnerabilities
CVE-2018-11765 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2016-8609 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2015-1772 Vulnerability in maven package org.apache.hive:hive-service
CVE-2022-36093 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2016-4432 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-10-protocol