oss-sec mailing list archives

CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled

From: Ramesh Mani <rmani () apache org>
Date: Thu, 04 May 2023 21:37:03 +0000

Severity: critical

Affected versions:

- Apache Ranger Hive Plugin 2.0.0 through 2.3.0

Description:

Incorrect Permission Assignment for Critical Resource vulnerability in Apache Software Foundation Apache Ranger Hive 
Plugin.This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0.

This issue is being tracked as RANGER-3474 RANGER-3357 

References:

https://ranger.apache.org/
https://www.cve.org/CVERecord?id=CVE-2021-40331
https://issues.apache.org/jira/browse/RANGER-3474
https://issues.apache.org/jira/browse/RANGER-3357

Current thread:

CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled Ramesh Mani (May 04)