PT-2023-12360 · Apache · Apache Ranger Hive Plugin

Ramesh Mani

Publicado

2023-05-05

Atualizado

2024-10-11

CVE-2021-40331

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache Ranger Hive Plugin versions 2.0.0 through 2.3.0

Description An Incorrect Permission Assignment for Critical Resource issue was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled.

Recommendations For Apache Ranger Hive Plugin versions 2.0.0 through 2.3.0, upgrade to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the SELECT privilege on databases to minimize the risk of exploitation.

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2021-40331

GHSA-VJR2-WPFH-5R9P

Produtos afetados

Apache Ranger Hive Plugin

PT-2023-12360 · Apache · Apache Ranger Hive Plugin

CVE-2021-40331

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10