CVE-2018-11777

4 documents4 sources

Severity

8.1HIGH

EPSS

0.3%

top 50.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Hive Apache Software Foundation Apache Hive

Timeline

PublishedNov 8

Latest updateNov 21

Description

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶Mavenorg.apache.hive:hive-exec3.0.0 — 3.1.1+1

▶NVDapache/hive3.0.0 — 3.1.0+1

▶CVEListV5apache_software_foundation/apache_hiveAll versions of Hive, including 2.3.3, 3.1.0 and earlier

🔴Vulnerability Details

OSV

Improper Authentication in hive:hive-exec↗2018-11-21

▶

GHSA

Improper Authentication in hive:hive-exec↗2018-11-21

▶

CVEList

CVE-2018-11777: In Apache Hive 2↗2018-11-08

▶