CVE-2015-7521

CWE-287 — Improper Authentication7 documents5 sources

Severity

8.3HIGH

EPSS

0.4%

top 39.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Hive

Timeline

PublishedJan 29

Latest updateNov 21

Description

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.7

Affected Packages4 packages

▶Mavenorg.apache.hive:hive1.0.0 — 1.2.2

▶Mavenorg.apache.hive:hive-exec1.0.0 — 1.2.2

▶Mavenorg.apache.hive:hive-service1.0.0 — 1.2.2

▶NVDapache/hive5 versions+4

🔴Vulnerability Details

OSV

High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service↗2018-11-21

▶

GHSA

High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service↗2018-11-21

▶

CVEList

CVE-2015-7521: The authorization framework in Apache Hive 1↗2016-01-29

▶

💬Community

Bugzilla

CVE-2015-7521 Apache Hive: authorization vulnerability↗2016-01-29

▶

Bugzilla

CVE-2015-7521 Apache Hive: authorization vulnerability [fedora-all]↗2016-01-29

▶