CVE-2015-7521
First published: Fri Jan 29 2016(Updated: )
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Hive | =1.0.0 | |
| Apache Hive | =1.0.1 | |
| Apache Hive | =1.1.0 | |
| Apache Hive | =1.2.0 | |
| Apache Hive | =1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
- http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
- http://www.openwall.com/lists/oss-security/2016/01/28/12
- http://www.securityfocus.com/archive/1/537549/100/0/threaded
- collector/nvd-index
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache hive
- version/apache hive/1.0.0
- version/apache hive/1.0.1
- version/apache hive/1.1.0
- version/apache hive/1.2.0
- version/apache hive/1.2.1