CVE-2018-1314

Name of the Vulnerable Software and Affected Versions Apache Hive versions 2.3.3, 3.1.0 and earlier

Description The issue concerns the "EXPLAIN" operation in Apache Hive, which fails to check for necessary authorization of involved entities in a query. This allows an unauthorized user to perform an "EXPLAIN" operation on any table or view, potentially exposing table metadata and statistics.

Recommendations For Apache Hive versions 2.3.3, 3.1.0 and earlier, consider restricting access to the "EXPLAIN" operation until a fix is available, to prevent unauthorized exposure of table metadata and statistics. At the moment, there is no information about a newer version that contains a fix for this vulnerability.