Description

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Remediation

References

http://www.securityfocus.com/bid/105886

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E

Related Vulnerabilities

CVE-2016-4567 Vulnerability in maven package org.webjars:mediaelement

CVE-2021-32859 Vulnerability in maven package org.webjars.npm:github-com-baremetrics-calendar

CVE-2022-23913 Vulnerability in maven package org.apache.activemq:artemis-commons

CVE-2021-39178 Vulnerability in npm package next

CVE-2020-1953 Vulnerability in maven package org.apache.commons:commons-configuration2

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Third Party Advisory VDB Entry NVD-CWE-noinfo