Description
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E
http://www.securityfocus.com/bid/101686
Related Vulnerabilities
CVE-2023-34238 Vulnerability in npm package gatsby-plugin-sharp
CVE-2021-30246 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign
CVE-2023-35157 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2022-37199 Vulnerability in maven package com.jflyfox:jflyfox_jfinal
CVE-2023-37903 Vulnerability in maven package org.webjars.npm:vm2