7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
45.9%
Apache Hive is vulnerable to authorization bypass. The vulnerability exists in the CREATE/DROP operations due to improper restrictions of users privileges which allows an attacker to create and drop UDFs.
CPE | Name | Operator | Version |
---|---|---|---|
hive standalone metastore | le | 3.1.2 | |
hive metastore | le | 3.1.2 | |
hive standalone metastore | le | 3.1.2 | |
hive metastore | le | 3.1.2 |
github.com/advisories/GHSA-v3p8-j597-3xg8
github.com/berez23/daf/issues/161
github.com/dreamboy9/spark/issues/36
github.com/keanhankins/ranger/issues/362
github.com/keanhankins/ranger/issues/362
github.com/samqws-marketing/amzn-ion-hive-serde/issues/153
lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354