Apache Hive HiveServer2 Local Resources Unauthorized Access Vulnerability

By GIXnews

A vulnerability in Apache Hive could allow an authenticated, remote attacker to gain unauthorized access to a targeted system.

The vulnerability exists because the affected software imposes improper security restrictions on local resources on HiveServer2 servers. An attacker on an affected system could exploit this vulnerability to access or modify any file if the Ranger, Sentry or SQL Standard authorizers are not in use. A successful exploit could be used to conduct further attacks.

Apache has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-11777

Source:: Cisco Multivendor Vulnerability Alerts