Vulnerability Details CVE-2015-7521
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.4%
CVSS Severity
CVSS v3 Score 8.3
CVSS v2 Score 7.5
References
- http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
- http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
- http://www.openwall.com/lists/oss-security/2016/01/28/12
- http://www.securityfocus.com/archive/1/537549/100/0/threaded
- http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E
- http://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.html
- http://www.openwall.com/lists/oss-security/2016/01/28/12
- http://www.securityfocus.com/archive/1/537549/100/0/threaded
Products affected by CVE-2015-7521
-
cpe:2.3:a:apache:hive:1.0.0
-
cpe:2.3:a:apache:hive:1.0.1
-
cpe:2.3:a:apache:hive:1.1.0
-
cpe:2.3:a:apache:hive:1.2.0
-
cpe:2.3:a:apache:hive:1.2.1