CVE-2015-7521

8.3HIGH

Key Information:

Vendor: Apache
Status: Hive
Vendor: CVE Published:; 29 January 2016

Summary

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

References

http://www.openwall.com/lists/oss-security/2016/01/28/12

mailing-listx_refsource_MLIST

http://www.securityfocus.com/archive/1/537549/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/135836/Apache-Hive-A...

x_refsource_MISC

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 29, 2016
Vulnerability Reserved
Sep 29, 2015

.