Description
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.
Remediation
References
http://www.securityfocus.com/bid/105886
https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E
Related Vulnerabilities
CVE-2019-16566 Vulnerability in maven package org.jenkins-ci.plugins:teamconcert
CVE-2018-16131 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12
CVE-2020-27665 Vulnerability in npm package strapi-plugin-content-type-builder
CVE-2016-10541 Vulnerability in maven package org.webjars.npm:shell-quote