Vulnerabilities > CVE-2018-1314 - Missing Authorization vulnerability in Apache Hive
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/105884
- http://www.securityfocus.com/bid/105884
- https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727%40%3Cdev.hive.apache.org%3E
- https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727%40%3Cdev.hive.apache.org%3E