CVE-2017-12625

MEDIUM4.3EPSS 0.47%

Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service

發布日:2019/3/14修改日:2023/11/8

描述

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

受影響套件(3)

Maven/org.apache.hive:hive>= 2.1.0, < 2.1.2
Maven/org.apache.hive:hive-exec>= 2.1.0, < 2.1.2
Maven/org.apache.hive:hive-service>= 2.1.0, < 2.1.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://github.com/advisories/GHSA-2g9q-chq2-w8qw
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-12625
WEBhttp://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E
WEBhttp://www.securityfocus.com/bid/101686