CVE-2018-1314

4.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Hive
Vendor: CVE Published:; 8 November 2018

Summary

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.

Affected Version(s)

Apache Hive All versions of Hive including 2.3.3, 3.1.0 and earlier

References

http://www.securityfocus.com/bid/105884

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/3da47dbcbf09697387f2...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2018
Vulnerability Reserved
Dec 7, 2017