admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/34xxx/CVE-2021-34538.json
CVE Team fa10e8e280
"-Synchronized-Data."
2022-07-16 08:00:45 +00:00

86 lines
2.7 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-34538",
"STATE": "PUBLIC",
"TITLE": "Apache Hive Security vulnerability in Hive with UDFs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Apache Hive",
"version_value": "3.1.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered and reported by Hideyuki Furue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Hive before 3.1.3 \"CREATE\" and \"DROP\" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "Very Important"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354",
"name": "https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354"
}
]
},
"source": {
"defect": [
"HIVE-25468",
""
],
"discovery": "UNKNOWN"
}
}
Reference in New Issue View Git Blame Copy Permalink