Description
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
http://www.openwall.com/lists/oss-security/2016/01/28/12
http://www.securityfocus.com/archive/1/537549/100/0/threaded
Related Vulnerabilities
CVE-2017-1000110 Vulnerability in maven package io.jenkins.blueocean:blueocean-parent
CVE-2023-0264 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2016-0733 Vulnerability in maven package org.apache.ranger:ranger
CVE-2016-6659 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa