Description
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
http://www.openwall.com/lists/oss-security/2016/01/28/12
http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
http://www.securityfocus.com/archive/1/537549/100/0/threaded
Related Vulnerabilities
CVE-2023-32081 Vulnerability in maven package io.vertx:vertx-stomp
CVE-2016-4432 Vulnerability in maven package org.apache.qpid:qpid-broker-plugins-amqp-0-10-protocol
CVE-2020-27838 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2021-43116 Vulnerability in maven package com.alibaba.nacos:nacos-client