Lucene search
Veracode Vulnerability DatabaseVERACODE:40456HistoryMay 10, 2023 - 2:20 a.m.
Privilege Escalation
2023-05-1002:20:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
ranger-hive-plugin
privilege escalation
vulnerability
ownership change
hive table
0.001 Low
EPSS
Percentile
30.2%
org.apache.ranger:ranger-hive-plugin is vulnerable to Privilege Escalation. An Incorrect Permission Assignment vulnerability exists in RangerHiveAuthorizer.java, which allows any user with SELECT capability to change the ownership of a Hive table.
| CPE | Name | Operator | Version |
|---|---|---|---|
| hive security plugin | le | 2.1.0.7.2.15.0-147 | |
| hive security plugin | le | 2.1.0.7.2.15.0-147 |
References
github.com/advisories/GHSA-vjr2-wpfh-5r9p
github.com/apache/ranger/commit/aca73deb28b567ce7ea6d4f508e7ab6ab813c0fd
github.com/apache/ranger/commit/c3cc47da40f0f7504a3ed6ba7ecc363bc3afb248
issues.apache.org/jira/browse/RANGER-3357
issues.apache.org/jira/browse/RANGER-3474
lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn
Related
osv
osv
Apache Ranger Hive Plugin missing permissions check
2023-05-05 09:30:15
CVE-2021-40331
2023-05-05 08:15:08
prion
prion
Design/Logic Flaw
2023-05-05 08:15:00
nvd
nvd
CVE-2021-40331
2023-05-05 08:15:08
cvelist
cvelist
CVE-2021-40331 Permissions problem in the Apache Ranger Hive Plugin
2023-05-05 07:55:06
cve
cve
CVE-2021-40331
2023-05-05 08:15:08
github
github
Apache Ranger Hive Plugin missing permissions check
2023-05-05 09:30:15