Description

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Remediation

References

http://www.securityfocus.com/bid/105886

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E

Related Vulnerabilities

CVE-2020-35491 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2021-4306 Vulnerability in npm package terminal-kit

CVE-2023-4771 Vulnerability in maven package org.webjars.npm:ckeditor4

CVE-2023-3635 Vulnerability in maven package com.squareup.okio:okio-jvm

CVE-2019-19771 Vulnerability in npm package bpi66

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Third Party Advisory VDB Entry NVD-CWE-noinfo