CVE-2018-1314

CVSS v3.0 4.3 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.06 % (28^th)

Affected Products 1

Advisories 1

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.

Weaknesses

CWE-862: Missing Authorization

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2018-11-08 14:29:00
(5 years ago)
Updated Date: 2023-11-07 02:55:57
(10 months ago)

Affected Products

Apache

Hive

Configuration #1

		CPE23	From	Up To
	Apache Hive 2.3.3 and prior versions	cpe:2.3:a:apache:hive		<= 2.3.3
	Apache Hive from 3.0.0 version and 3.1.0 and prior versions	cpe:2.3:a:apache:hive	>= 3.0.0	<= 3.1.0