CVE-2018-11777

HIGH8.1EPSS 0.25%

Improper Authentication in hive:hive-exec

Published: 11/21/2018Modified: 12/2/2024

Description

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Affected packages (1)

Maven/org.apache.hive:hive-exec>= 3.0.0, < 3.1.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.1	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References (4)

ADVISORYhttps://github.com/advisories/GHSA-rrfq-g5fq-fc9c
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-11777
WEBhttps://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E
WEBhttp://www.securityfocus.com/bid/105886