PT-2016-3802 · Apache · Apache Hive

Olaf Flebbe · Published 2016-01-29 · Updated 2018-11-21 · CVE-2015-7521

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Apache Hive versions 1.0.0 through 1.2.1

Description

The issue concerns the authorization framework, allowing attackers to bypass intended access restrictions on parent tables via partition-level operations, in clusters protected by Ranger and SqlStdHiveAuthorization.

Recommendations

For Apache Hive versions 1.0.0 through 1.2.1, consider restricting access to partition-level operations until a fix is available. As a temporary workaround, review and tighten the authorization settings in Ranger and SqlStdHiveAuthorization to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related identifiers

CVE-2015-7521
GHSA-83R3-C79W-F6WC

Affected products

Apache Hive