PT-2023-12360 · Apache · Apache Ranger Hive Plugin
Ramesh Mani · Published 2023-05-05 · Updated 2024-10-11 · CVE-2021-40331
CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Apache Ranger Hive Plugin versions 2.0.0 through 2.3.0
Description
An Incorrect Permission Assignment for Critical Resource issue was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled.
Recommendations
For Apache Ranger Hive Plugin versions 2.0.0 through 2.3.0, upgrade to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the SELECT privilege on databases to minimize the risk of exploitation.
Fix
Incorrect Permission
Affected Products
Apache Ranger Hive Plugin