Description

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Remediation

References

http://www.securityfocus.com/bid/105886

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E

Related Vulnerabilities

CVE-2019-10409 Vulnerability in maven package hudson.plugins:project-inheritance

CVE-2016-4437 Vulnerability in maven package org.apache.shiro:shiro-core

CVE-2020-28438 Vulnerability in npm package deferred-exec

CVE-2018-3737 Vulnerability in maven package org.webjars.npm:sshpk

CVE-2019-0194 Vulnerability in maven package org.apache.camel:camel-core

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Third Party Advisory VDB Entry NVD-CWE-noinfo