CVE-2021-34538

Apache Hive Security vulnerability in Hive with UDFs

EPSS 1.4%CWE-306

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 jul 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious.

Produtos afetados

Apache Software Foundation · Apache Hive

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354