From f833117e3c13a80ca70d71d19d8074df4c13be0b Mon Sep 17 00:00:00 2001
From: "Mark J. Cox" <mark@awe.com>
Date: Sat, 16 Jul 2022 08:06:50 +0100
Subject: [PATCH] Apache Hive

---
 2021/34xxx/CVE-2021-34538.json | 81 +++++++++++++++++++++++++++++++---
 1 file changed, 74 insertions(+), 7 deletions(-)

diff --git a/2021/34xxx/CVE-2021-34538.json b/2021/34xxx/CVE-2021-34538.json
index 7d2d63ad852..755a944bfdf 100644
--- a/2021/34xxx/CVE-2021-34538.json
+++ b/2021/34xxx/CVE-2021-34538.json
@@ -1,18 +1,85 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
+        "ASSIGNER": "security@apache.org",
         "ID": "CVE-2021-34538",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Apache Hive Security vulnerability in Hive with UDFs"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Apache Hive",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "Apache Hive",
+                                            "version_value": "3.1.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Apache Software Foundation"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "This vulnerability was discovered and reported by Hideyuki Furue."
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Apache Hive before 3.1.3 \"CREATE\" and \"DROP\" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious."
             }
         ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": [
+        {
+            "other": "Very Important"
+        }
+    ],
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-306 Missing Authentication for Critical Function"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354"
+            }
+        ]
+    },
+    "source": {
+        "defect": [
+            "HIVE-25468",
+            ""
+        ],
+        "discovery": "UNKNOWN"
     }
-}
\ No newline at end of file
+}