CVE-2018-1314

Summary

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HiveAll versions of Hive including 2.3.3, 3.1.0 and earlieraffected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References