Lucene search
ApacheCVELIST:CVE-2021-34538HistoryJul 16, 2022 - 7:10 a.m.
CVE-2021-34538 Apache Hive Security vulnerability in Hive with UDFs
2022-07-1607:10:09
CWE-306
apache
www.cve.org
4
apache hive
security vulnerability
udf manipulation
authorization check
unauthorized user
Apache Hive before 3.1.3 “CREATE” and “DROP” function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious.
CNA Affected
[
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.1.3",
"status": "affected",
"version": "Apache Hive",
"versionType": "custom"
}
]
}
]Related
prion
prion
Authorization
2022-07-16 07:15:00
ibm
ibm
veracode
veracode
Authorization Bypass
2022-07-18 15:03:14
osv
osv
Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization.
2022-07-17 00:00:45
CVE-2021-34538
2022-07-16 07:15:08
cnvd
cnvd
Apache Hive authorization issue vulnerability
2022-07-19 00:00:00
github
github
cve
cve
CVE-2021-34538
2022-07-16 07:15:08
nvd
nvd
CVE-2021-34538
2022-07-16 07:15:08
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00