Apache · Apache Ranger Hive Plugin · CVE-2021-40331
**Name of the Vulnerable Software and Affected Versions**
Apache Ranger Hive Plugin versions 2.0.0 through 2.3.0
**Description**
An Incorrect Permission Assignment for Critical Resource issue was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled.
**Recommendations**
For Apache Ranger Hive Plugin versions 2.0.0 through 2.3.0, upgrade to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the SELECT privilege on databases to minimize the risk of exploitation.