Vulnerabilities > Apache > Impala > 2.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-22 | CVE-2021-28131 | Information Exposure Through Log Files vulnerability in Apache Impala Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. | 7.5 |
| 2019-11-05 | CVE-2019-10084 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. | 7.5 |
| 2018-10-24 | CVE-2018-11792 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. | 9.8 |
| 2018-10-24 | CVE-2018-11785 | Missing Authorization vulnerability in Apache Impala Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. | 6.5 |
| 2017-10-04 | CVE-2017-9792 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Impala 2.8.0/2.9.0 In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. | 6.5 |