CVE-2018-11777

Summary

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HiveAll versions of Hive, including 2.3.3, 3.1.0 and earlieraffected

Weaknesses

  • Exposure of Resource to Wrong Sphere

ADP Enrichment

CVE Program Container

Additional References

References