CVE-2018-11777 Vulnerability in maven package org.apache.hive:hive-exec

Description

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Remediation

References

http://www.securityfocus.com/bid/105886

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E

Related Vulnerabilities

CVE-2019-10406 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-8141 Vulnerability in maven package org.webjars.npm:dot

CVE-2017-16172 Vulnerability in npm package section2.madisonjbrooks12

CVE-2022-43427 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test

CVE-2016-10744 Vulnerability in maven package org.webjars:select2

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N