Olaf Flebbe

Researcher at science+computing ag
#31116 of 53,635
8.3 total CVSS
Vulnerabilities · 1
PT-2016-3802
8.3
2016-01-29
Apache · Apache Hive · CVE-2015-7521
**Name of the Vulnerable Software and Affected Versions**

Apache Hive versions 1.0.0 through 1.2.1

**Description**

The issue concerns the authorization framework, allowing attackers to bypass intended access restrictions on parent tables via partition-level operations, in clusters protected by Ranger and SqlStdHiveAuthorization.

**Recommendations**

For Apache Hive versions 1.0.0 through 1.2.1, consider restricting access to partition-level operations until a fix is available. As a temporary workaround, review and tighten the authorization settings in Ranger and SqlStdHiveAuthorization to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.