Improper Authorization

CVE-2018-11777

High

8.1/10

Summary

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-285 - Improper Authorization

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References

Advisory
Advisory
Issue

Advisory Timeline

Published Nov 08, 2018

Improper Authorization

CVE-2018-11777

Summary

CWE-285 - Improper Authorization

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS