CVE-2017-12625 – org.apache.hive:hive

Package

Manager: maven
Name: org.apache.hive:hive
Vulnerable Version: >=2.1.0 <2.1.2 || =2.2.0 || >=2.2.0 <2.2.1 || =2.3.0 || >=2.3.0 <2.3.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00468 pctl0.63535

Details

Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

Metadata

Created: 2019-03-14T15:40:16Z
Modified: 2021-08-30T21:36:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/03/GHSA-2g9q-chq2-w8qw/GHSA-2g9q-chq2-w8qw.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-2g9q-chq2-w8qw
Finding: F308
Auto approve: 1