Description
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
http://www.openwall.com/lists/oss-security/2016/01/28/12
http://www.securityfocus.com/archive/1/537549/100/0/threaded
Related Vulnerabilities
CVE-2023-0105 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2016-10532 Vulnerability in npm package console-io
CVE-2021-32738 Vulnerability in npm package stellar-sdk
CVE-2017-8028 Vulnerability in maven package org.springframework.ldap:spring-ldap-core
CVE-2014-3623 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security