Description

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Remediation

References

http://www.securityfocus.com/bid/105886

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E

Related Vulnerabilities

CVE-2019-1003082 Vulnerability in maven package org.jenkins-ci.plugins:gearman-plugin

CVE-2016-5007 Vulnerability in maven package org.springframework.security:spring-security-web

CVE-2023-25330 Vulnerability in maven package com.baomidou:mybatis-plus-extension

CVE-2023-39151 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2016-10703 Vulnerability in maven package org.webjars.npm:ecstatic

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Third Party Advisory VDB Entry NVD-CWE-noinfo