Description

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Remediation

References

http://www.securityfocus.com/bid/105886

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E

Related Vulnerabilities

CVE-2016-10571 Vulnerability in npm package bkjs-wand

CVE-2022-41642 Vulnerability in npm package nadesiko3

CVE-2018-1000614 Vulnerability in maven package org.onosproject:onos-netconf-provider-alarm

CVE-2020-7608 Vulnerability in maven package org.webjars.npm:yargs-parser

CVE-2018-19838 Vulnerability in npm package node-sass

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Third Party Advisory VDB Entry NVD-CWE-noinfo