CVE-2018-11777 – org.apache.hive:hive-exec

Package

Manager: maven
Name: org.apache.hive:hive-exec
Vulnerable Version: >=3.0.0 <3.1.1 || >=0 <2.3.4

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00413 pctl0.60695

Details

Improper Authentication in hive:hive-exec In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Metadata

Created: 2018-11-21T22:25:04Z
Modified: 2022-09-14T22:08:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-rrfq-g5fq-fc9c/GHSA-rrfq-g5fq-fc9c.json
CWE IDs: []
Alternative ID: GHSA-rrfq-g5fq-fc9c
Finding: F006
Auto approve: 1