Description
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E
http://www.securityfocus.com/bid/101686
Related Vulnerabilities
CVE-2022-45401 Vulnerability in maven package org.jenkinsci.plugins:associated-files
CVE-2023-29201 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2019-0205 Vulnerability in maven package org.apache.thrift:libthrift
CVE-2022-41881 Vulnerability in maven package io.netty:netty-codec-haproxy
CVE-2022-36098 Vulnerability in maven package org.xwiki.platform:xwiki-platform-mentions-ui