org.apache.ranger:ranger-hive-plugin is vulnerable to Privilege Escalation. An Incorrect Permission Assignment vulnerability exists in RangerHiveAuthorizer.java
, which allows any user with SELECT
capability to change the ownership of a Hive table.
CPE | Name | Operator | Version |
---|---|---|---|
hive security plugin | le | 2.1.0.7.2.15.0-147 | |
hive security plugin | le | 2.1.0.7.2.15.0-147 |
github.com/advisories/GHSA-vjr2-wpfh-5r9p
github.com/apache/ranger/commit/aca73deb28b567ce7ea6d4f508e7ab6ab813c0fd
github.com/apache/ranger/commit/c3cc47da40f0f7504a3ed6ba7ecc363bc3afb248
issues.apache.org/jira/browse/RANGER-3357
issues.apache.org/jira/browse/RANGER-3474
lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn