Moderate severityNVD Advisory· Published Mar 16, 2021· Updated Feb 13, 2025
Timing attack in Cookie signature verification
CVE-2020-1926
Description
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.hive:hiveMaven | < 2.3.8 | 2.3.8 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-54g4-5cf6-hjp3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-1926ghsaADVISORY
- issues.apache.org/jira/browse/HIVE-22708ghsax_refsource_MISCWEB
- lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3Eghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.