Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
References
Link | Resource |
---|---|
http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E | Mailing List Vendor Advisory |
http://www.securityfocus.com/bid/101686 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-11-01 06:29
Updated : 2017-11-21 11:41
NVD link : CVE-2017-12625
Mitre link : CVE-2017-12625
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
apache
- hive