4 matches found
CVE-2021-34538
Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Hive (CVE-2021-34538)
Summary A vulnerability in Apache Hive used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-34538 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by improper authorization validation by the CREATE and DROP functio...
com.hindog.grid:grid-executor-examples_2.11 (>=1.1.0 <=2.0.1) potentially affected by CVE-2021-34538 via org.apache.hive:hive (=2.1.1)
org.apache.hive:hive MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive and may be impacted: - com.hindog.grid:grid-executor-examples2.11 =1.1.0, =2.0.1 Source cves: CVE-2021-34538 Source advisory:...
CVE-2021-34538
CVE-2021-34538 affects Apache Hive (before 3.1.3). The vulnerability arises when performing CREATE and DROP operations for UDFs, as authorization checks for involved entities are missing. This could allow an unauthorized user to drop and recreate UDFs and point them to new jars that may be malici...