Description
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E
http://www.securityfocus.com/bid/101686
Related Vulnerabilities
CVE-2023-42795 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-24998 Vulnerability in maven package commons-fileupload:commons-fileupload
CVE-2023-26464 Vulnerability in maven package log4j:log4j
CVE-2022-24999 Vulnerability in maven package org.webjars.npm:qs
CVE-2019-12418 Vulnerability in maven package org.apache.tomcat:tomcat-catalina