Description

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Remediation

References

http://www.securityfocus.com/bid/105886

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E

Related Vulnerabilities

CVE-2019-19771 Vulnerability in npm package bitcoimjs-lib

CVE-2018-19056 Vulnerability in npm package editor.md

CVE-2020-2182 Vulnerability in maven package org.jenkins-ci.plugins:credentials-binding

CVE-2020-7708 Vulnerability in npm package irrelon-path

CVE-2019-10372 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth

Severity

Critical

Classification

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Third Party Advisory VDB Entry NVD-CWE-noinfo