CVE-2018-11777

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-11777

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11777.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-11777

Aliases

GHSA-rrfq-g5fq-fc9c

Published

2018-11-08T14:29:00Z

Modified

2024-11-21T03:44:00Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

References

http://www.securityfocus.com/bid/105886
https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E

Affected packages

Git / github.com/apache/hive

Affected ranges

Type: GIT
Repo: https://github.com/apache/hive
Events: Last affected

3f7dde31aed44b5440563d3f9d8a8887beccf0be

Introduced

ce61711a5fa54ab34fc74d86d521ecaeea6b072a

Last affected

bcc7df95824831a8d2f1524e4048dfc23ab98c19