Lucene search
+L

4 matches found

github
github
added 2018/11/21 10:24 p.m.39 views

Moderate severity vulnerability that affects org.apache.hive:hive-jdbc

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

4.3CVSS2.5AI score0.01988EPSS
Exploits0References4Affected Software1
veracode
veracode
added 2018/11/09 7:12 a.m.25 views

Information Disclosure

hive-exec is vulnerable to an information disclosure.The library does not properly handle permissions of entities in an EXPLAIN operation, allowing a malicious user to use the operation to gain access to sensitive information in an arbitrary table, view, metadata or statistics...

4.3CVSS5.1AI score0.01988EPSS
Exploits0References5Affected Software1
prion
prion
added 2018/11/08 2:29 p.m.19 views

Authorization

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

4CVSS4.7AI score0.01988EPSS
Exploits0References2Affected Software1
cve
cve
added 2018/11/08 2:0 p.m.103 views

CVE-2018-1314

CVE-2018-1314 affects Apache Hive 2.3.3, 3.1.0 and earlier. The EXPLAIN operation fails to enforce authorization on involved entities, allowing an unauthorized user to run EXPLAIN on arbitrary tables/views and disclose table metadata and statistics. Concrete references include NVD/CVE records and...

4.3CVSS4.7AI score0.01988EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder