Impala@* Security Vulnerabilities and Issues — Impala@* CVE List

Lucene search

ApacheImpala*

3 matches found

CVE•added 2021/07/22 10:15 a.m.•44 views

CVE-2021-28131

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the a...

7.5CVSS7.8AI score0.00593EPSS

CVE•added 2018/10/24 8:29 p.m.•39 views

CVE-2018-11792

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL...

9.8CVSS9.3AI score0.0055EPSS

CVE•added 2018/10/24 8:29 p.m.•33 views

CVE-2018-11785

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.

6.5CVSS6.3AI score0.00108EPSS