GHSA-83r3-c79w-f6wc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-83r3-c79w-f6wc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-83r3-c79w-f6wc/GHSA-83r3-c79w-f6wc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-83r3-c79w-f6wc
- Aliases
-
- CVE-2015-7521
- Published
- 2018-11-21T22:23:49Z
- Modified
- 2023-11-08T03:58:00.245070Z
- Severity
-
- 8.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
- Summary
- High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
- Details
-
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T21:24:07Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-287" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-7521
- https://github.com/advisories/GHSA-83r3-c79w-f6wc
- http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
- http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
- http://www.openwall.com/lists/oss-security/2016/01/28/12
- http://www.securityfocus.com/archive/1/537549/100/0/threaded
Affected packages
Maven / org.apache.hive:hive
Package
- Name
- org.apache.hive:hive
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hive/hive
Maven / org.apache.hive:hive-exec
Package
- Name
- org.apache.hive:hive-exec
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hive/hive-exec
Maven / org.apache.hive:hive-service
Package
- Name
- org.apache.hive:hive-service
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hive/hive-service