CVE-2017-12625

Severity
4.3 MEDIUM
EPSS
0.5%
top 35.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 1
Latest update: Mar 14

Description

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (5 packages)

Maven | org.apache.hive:hive | 2.1.0 | 2.1.2 | +2
Maven | org.apache.hive:hive-exec | 2.1.0 | 2.1.2 | +2
Maven | org.apache.hive:hive-service | 2.1.0 | 2.1.2 | +2
NVD | apache/hive | 4 versions | +3
CVEListV5 | apache_software_foundation/apache_hive | 2.1.x before 2.1.2, 2.2.x before 2.2.1, 2.3.0 | +2

Vulnerability Details (3)

GHSA (2019-03-14): Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
OSV (2019-03-14): Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
CVEList (2017-11-01): CVE-2017-12625: Apache Hive 2

Community (2)

Bugzilla (2017-11-03): CVE-2017-12625 hive: Information disclosure vulnerability for column masking
Bugzilla (2017-11-03): CVE-2017-12625 hive: Information disclosure vulnerability for column masking [fedora-all]