CVE-2020-1926

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-1926

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1926.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1926

Aliases

GHSA-54g4-5cf6-hjp3

Published

2021-03-16T13:15:11.893Z

Modified

2026-03-14T14:45:35.000103Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8

References

Affected packages

Git / github.com/apache/hive

Affected ranges

Type

GIT

Repo

https://github.com/apache/hive

Events

Introduced

Fixed

f1e87137034e4ecbe39a859d4ef44319800016d7

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.3.8"
        }
    ]
}

Affected versions

rel/release-2.*

rel/release-2.3.0

rel/release-2.3.1

rel/release-2.3.2

rel/release-2.3.4

rel/release-2.3.5

rel/release-2.3.6

rel/release-2.3.7

release-2.*

release-2.3.5-rc0

release-2.3.8-rc0

release-2.3.8-rc1

release-2.3.8-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1926.json"