Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.

Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...

io.druid.extensions.contrib:druid-orc-extensions (>=0.10.0 <=0.12.3), org.apache.tajo:tajo-hive (>=0.11.2 <=0.11.3) potentially affected by CVE-2016-3083 via org.apache.hive:hive-exec (=2.0.0)

org.apache.hive:hive-exec MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - io.druid.extensions.contrib:druid-orc-extensions =0.10.0, =0.11.2, =0.11.3 Source cves: CVE-2016-3083 Source...

ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +36 more potentially affected by CVE-2016-3083 via org.apache.hive:hive-exec (>=0.8.0 <=1.2.1)

org.apache.hive:hive-exec MAVEN version =0.8.0, =3.18.0.9, =0.1.5, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =6.5.0, =6.5.0, =6.5.0, =6.5.0, =6.8.3 and more Source cves: CVE-2016-3083 Source advisory: OSV:GHSA-GF2V-9HP6-44QG...

CVE-2016-3083

CVE-2016-3083 affects Apache Hive JDBC/HiveServer2: SSL is used for plain TCP and HTTP, but the client may fail to verify the certificate’s common name during the SSL handshake in Hive versions before 1.2.2 and 2.0.x before 2.0.1. This can allow a server presenting a valid CA-signed cert for a di...