CVE-2018-11792
First published: Wed Oct 24 2018(Updated: )
In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Impala | <3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-11792?
CVE-2018-11792 is considered a medium-severity vulnerability due to its potential security implications.
How do I fix CVE-2018-11792?
To fix CVE-2018-11792, upgrade to Apache Impala version 3.0.1 or later.
What systems are affected by CVE-2018-11792?
CVE-2018-11792 affects Apache Impala versions prior to 3.0.1.
What is the impact of exploiting CVE-2018-11792?
Exploiting CVE-2018-11792 could allow an unauthorized user to gain elevated privileges on a database.
Are there any workarounds for CVE-2018-11792?
A potential workaround for CVE-2018-11792 is to restrict user permissions to minimize the risk of unauthorized ALTER actions.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- vendor/apache
- canonical/apache impala