CVE-2018-11792

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Apache Impala
Vendor: CVE Published:; 24 October 2018

Summary

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database.

Affected Version(s)

Apache Impala Apache Impala 3.0.0

References

http://www.securityfocus.com/bid/105739

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/cba8f18df15af862aa07...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 24, 2018
Vulnerability Reserved
Jun 5, 2018