Description
Apache Hive cookie signature verification used a non-constant-time comparison, which is known to be vulnerable to timing attacks. This could allow recovery of another user's cookie signature. The issue was addressed in Apache Hive 2.3.8.
Remediation
References
https://issues.apache.org/jira/browse/HIVE-22708
https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E