CVE-2018-11777

HIGH8.1EPSS 0.25%

Improper Authentication in hive:hive-exec

發布日:2018/11/21修改日:2024/12/2

描述

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

受影響套件(1)

Maven/org.apache.hive:hive-exec>= 3.0.0, < 3.1.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.1	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

參考連結(4)

ADVISORYhttps://github.com/advisories/GHSA-rrfq-g5fq-fc9c
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-11777
WEBhttps://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E
WEBhttp://www.securityfocus.com/bid/105886