PT-2021-10311 · Apache · Apache Hive

Published 2021-03-16 · Updated 2022-08-05 · CVE-2020-1926

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache Hive versions prior to 2.3.8
Description: Apache Hive's cookie signature verification used a non-constant-time comparison. Such a comparison is known to be vulnerable to timing attacks, potentially allowing the recovery of another user's cookie signature.
Recommendations: For versions prior to 2.3.8, update to Apache Hive 2.3.8 to address the issue. As a temporary workaround, consider restricting access to sensitive operations that rely on cookie signature verification until the update is applied.

Fix

Information Disclosure

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2020-1926
GHSA-54G4-5CF6-HJP3

Affected Products

Apache Hive