Vulnerability Details CVE-2018-11792
In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/bid/105739
- https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247%40%3Cdev.impala.apache.org%3E
- http://www.securityfocus.com/bid/105739
- https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247%40%3Cdev.impala.apache.org%3E
Products affected by CVE-2018-11792
-
cpe:2.3:a:apache:impala:2.10.0
-
cpe:2.3:a:apache:impala:2.11.0
-
cpe:2.3:a:apache:impala:2.12.0
-
cpe:2.3:a:apache:impala:2.7.0
-
cpe:2.3:a:apache:impala:2.8.0
-
cpe:2.3:a:apache:impala:2.9.0
-
cpe:2.3:a:apache:impala:3.0.0