3 matches found
GHSA-54G4-5CF6-HJP3 Apache Hive Information Exposure and Observable Timing Discrepancy
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8...
CVE-2020-1926
CVE-2020-1926 affects Apache Hive: cookie signature verification used a non-constant-time comparison, enabling timing attacks that could recover another user’s cookie signature. The issue is addressed in Apache Hive 2.3.8. Connected references describe the vulnerability as an information-disclosu...
CVE-2020-1926 Timing attack in Cookie signature verification
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8...