Privilege Escalation Vulnerability in Apache Impala by Cloudera
CVE-2018-11792

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Apache Impala
Vendor: CVE Published:; 24 October 2018

Summary

In versions of Apache Impala prior to 3.0.1, a privilege escalation vulnerability exists that allows a user to exploit insufficient checks in the ALTER TABLE/VIEW RENAME command. This weakness may enable users with ALTER privileges on an existing table, combined with ALL privileges on a database, to move that table to a different database. Consequently, the user's ALL rights will propagate to the table unintentionally, granting unauthorized access and modification capabilities within the database.

Affected Version(s)

Apache Impala Apache Impala 3.0.0

References

http://www.securityfocus.com/bid/105739

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/cba8f18df15af862aa07...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 24, 2018
Vulnerability Reserved
Jun 5, 2018