CVE-2020-1926

Summary

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HiveApache Hive < 2.3.8affected

Weaknesses

  • CWE-208: CWE-208 Information Exposure Through Timing Discrepancy

ADP Enrichment

CVE Program Container

Additional References

References