Apache Hive EXPLAIN Operation Unauthorized Access Vulnerability

A vulnerability in Apache Hive could allow an authenticated, remote attacker to gain unauthorized access to a targeted system.

The vulnerability is due to improper security restrictions that are imposed by the affected software when the EXPLAIN operation is used. An attacker on an affected system could exploit this vulnerability to access or modify any file by using the EXPLAIN operation in a query. A successful exploit could be used to conduct further attacks.

Apache has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-1314

Source:: Cisco Multivendor Vulnerability Alerts