Veracode Vulnerability DatabaseVERACODE:36404

HistoryJul 18, 2022 - 3:03 p.m.

Authorization Bypass

2022-07-1815:03:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

45.9%

JSON

Apache Hive is vulnerable to authorization bypass. The vulnerability exists in the CREATE/DROP operations due to improper restrictions of users privileges which allows an attacker to create and drop UDFs.

CPENameOperatorVersion
hive standalone metastorele3.1.2
hive metastorele3.1.2
hive standalone metastorele3.1.2
hive metastorele3.1.2

Name	Operator	Version
hive standalone metastore	le	3.1.2
hive metastore	le	3.1.2
hive standalone metastore	le	3.1.2
hive metastore	le	3.1.2

References

github.com/advisories/GHSA-v3p8-j597-3xg8

github.com/berez23/daf/issues/161

github.com/dreamboy9/spark/issues/36

github.com/keanhankins/ranger/issues/362

github.com/samqws-marketing/amzn-ion-hive-serde/issues/153

lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

45.9%

JSON

Related for VERACODE:36404