WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-7521 Vulnerability in maven package org.apache.hive:hive-exec

Description

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

Remediation

References

http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E

http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html

http://www.openwall.com/lists/oss-security/2016/01/28/12

http://www.securityfocus.com/archive/1/537549/100/0/threaded

Related Vulnerabilities

CVE-2018-11765 Vulnerability in maven package org.apache.hadoop:hadoop-common

CVE-2016-8609 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2015-1772 Vulnerability in maven package org.apache.hive:hive-service

CVE-2022-36093 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2016-4432 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-10-protocol

Severity

Critical

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L