Vulnerability Description
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against a malicious user if Ranger, Sentry or the SQL standard authorizer is not in use.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Hive | <= 2.3.3 |
References
- http://www.securityfocus.com/bid/105886 (Third Party Advisory, VDB Entry)
- https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83
FAQ
What is CVE-2018-11777?
CVE-2018-11777 is a vulnerability with a CVSS score of 8.1 (HIGH). In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against a malicious user if Ranger, Sentry or the SQL standard authorizer is not in use.
How severe is CVE-2018-11777?
CVE-2018-11777 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-11777?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Hive.