Vulnerability Description
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
CVSS Score
5.9
MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Ranger | <= 0.7.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98961Third Party AdvisoryVDB Entry
- https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+RangRelease NotesVendor Advisory
- http://www.securityfocus.com/bid/98961Third Party AdvisoryVDB Entry
- https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+RangRelease NotesVendor Advisory
FAQ
What is CVE-2017-7677?
CVE-2017-7677 is a vulnerability with a CVSS score of 5.9 (MEDIUM). In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
How severe is CVE-2017-7677?
CVE-2017-7677 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7677?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Ranger.