Moderate severity vulnerability that affects org.apache.hive:hive-jdbc

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

Information Disclosure

hive-exec is vulnerable to an information disclosure.The library does not properly handle permissions of entities in an EXPLAIN operation, allowing a malicious user to use the operation to gain access to sensitive information in an arbitrary table, view, metadata or statistics...

Authorization

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

CVE-2018-1314

CVE-2018-1314 affects Apache Hive 2.3.3, 3.1.0 and earlier. The EXPLAIN operation fails to enforce authorization on involved entities, allowing an unauthorized user to run EXPLAIN on arbitrary tables/views and disclose table metadata and statistics. Concrete references include NVD/CVE records and...