CVE-2018-11792

Name of the Vulnerable Software and Affected Versions Apache Impala versions prior to 3.0.1

Description The issue allows a user with ALTER privilege on a table and ALL privilege on a particular database to potentially gain ALL privilege on a table by moving it to a database where they have ALL privilege, due to privilege inheritance from the database.

Recommendations For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ALTER TABLE/VIEW RENAME statement to minimize the risk of exploitation.