Description
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
Remediation
References
http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E
http://www.securityfocus.com/bid/101686
Related Vulnerabilities
CVE-2021-41182 Vulnerability in maven package org.webjars:jquery-ui
CVE-2020-2298 Vulnerability in maven package org.jenkins-ci.plugins:nerrvana-plugin
CVE-2021-37695 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4
CVE-2022-37023 Vulnerability in maven package org.apache.geode:geode-core