← back
CVE-2015-7521

CVE-2015-7521

EPSS 6.1%
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3Ehttp://packetstormsecurity.com/files/135836/Apache-Hive-Authorization-Bypass.htmlhttp://www.openwall.com/lists/oss-security/2016/01/28/12http://www.securityfocus.com/archive/1/537549/100/0/threaded