High severityNVD Advisory· Published Nov 8, 2018· Updated Aug 5, 2024
CVE-2018-11777
CVE-2018-11777
Description
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.hive:hive-execMaven | >= 3.0.0, < 3.1.1 | 3.1.1 |
org.apache.hive:hive-execMaven | < 2.3.4 | 2.3.4 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-rrfq-g5fq-fc9cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-11777ghsaADVISORY
- www.securityfocus.com/bid/105886ghsavdb-entryx_refsource_BIDWEB
- lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3Emitrex_refsource_MISC
- lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3EghsaWEB
News mentions
0No linked articles in our index yet.