CVE-2018-11777 Vulnerability in maven package org.apache.hive:hive-exec

Description

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Remediation

References

http://www.securityfocus.com/bid/105886

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E

Related Vulnerabilities

CVE-2019-19771 Vulnerability in npm package bitcoisnj-lib

CVE-2016-10643 Vulnerability in npm package jstestdriver

CVE-2022-27340 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2021-32827 Vulnerability in maven package org.mock-server:mockserver-core

CVE-2020-2193 Vulnerability in maven package io.jenkins.plugins:echarts-api

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N