Security restrictions bypass vulnerabilities in Apache Hive

Published: 2018-11-09 14:54:51
Severity Low
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2018-1314
CVE-2018-11777
CVSSv3 5.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
5.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Network
Public exploit Not available
Vulnerable software Apache Hive
Vulnerable software versions Apache Hive 3.1.0
Apache Hive 3.0.0
Apache Hive 2.3.3
Show more
Vendor URL Apache Foundation

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper security restrictions when the EXPLAIN operation is used. A remote authenticated attacker can use the EXPLAIN operation in a query, bypass security restrictions, access or modify any file and conduct further attacks.

Remediation

The vulnerability has been fixed in the versions 2.3.4, 3.1.1.

External links

https://github.com/pyca/pyopenssl/pull/723

2) Security restrictions bypass

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper security restrictions on local resources on HiveServer2 servers. A remote authenticated attacker can bypass security restrictions, access or modify any file if the Ranger, Sentry or SQL Standard authorizers are not in use and conduct further attacks.

Remediation

The vulnerability has been fixed in the versions 2.3.4, 3.1.1.

External links

https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E

Back to List