4 matches found
Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.
Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...
com.ge.research.semtk:arangoDbService (=2.2.2), com.ge.research.semtk:athenaService (=2.2.2) +68 more potentially affected by CVE-2015-7521 via org.apache.hive:hive-service (>=1.0.0 <=1.2.1)
org.apache.hive:hive-service MAVEN version =1.0.0, =2.2.1, =2.2.1, =2.2.1, =2.2.2 - com.ge.research.semtk:sparqlGraphResultsService =2.2.2 and more Source cves: CVE-2015-7521 Source advisory: OSV:GHSA-83R3-C79W-F6WC...
FreeBSD : hive -- authorization logic vulnerability (a5c204b5-4153-11e6-8dfe-002590263bf5)
Sushanth Sowmyan reports : Some partition-level operations exist that do not explicitly also authorize privileges of the parent table. This can lead to issues when the parent table would have denied the operation, but no denial occurs because the partition-level privilege is not checked by the...
CVE-2015-7521
The CVE-2015-7521 entry concerns Apache Hive (versions 1.0.0–1.2.1) run on clusters protected by Ranger and SqlStdHiveAuthorization. It describes an authorization bypass where partition-level operations can grant access that should be denied at the parent table level, effectively bypassing parent...