CVE-2018-1314
First published: Thu Nov 08 2018(Updated: )
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Hive | <=2.3.3 | |
| Apache Hive | >=3.0.0<=3.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1314?
CVE-2018-1314 is a vulnerability in Apache Hive that allows unauthorized users to perform an "EXPLAIN" operation on arbitrary tables or views.
How does CVE-2018-1314 impact Apache Hive?
CVE-2018-1314 allows unauthorized users to expose table metadata and statistics by performing an "EXPLAIN" operation on arbitrary tables or views.
What is the severity of CVE-2018-1314?
CVE-2018-1314 has a severity rating of 4.3, which is considered medium.
How can I fix CVE-2018-1314 in Apache Hive?
To fix CVE-2018-1314, upgrade to Apache Hive version 3.1.1 or later.
Where can I find more information about CVE-2018-1314?
More information about CVE-2018-1314 can be found at the following references: [1] [2]
- collector/nvd-index
- vendor/apache
- product/hive
- canonical/apache hive