CVE-2021-40331 Permissions problem in the Apache Ranger Hive Plugin

2023-05-0507:55:06

CWE-732

apache

www.cve.org

apache ranger

hive plugin

permission problem

vulnerability

critical resource

upgrade

0.001 Low

EPSS

Percentile

30.2%

JSON

An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled
This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Ranger Hive Plugin",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.3.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for CVELIST:CVE-2021-40331