CVE-2018-1314
published 2018-11-08CVE-2018-1314: In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized…
medium4.3CVSS 3.0
AVNACLPRLUINSUCLINAN
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hive | <= 2.3.3 | — |
| apache | hive | 3.0.0 – 3.1.0 | — |
| apache_software_foundation | apache_hive | — | — |