oss-sec mailing list archives
CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled
From: Ramesh Mani <rmani () apache org>
Date: Thu, 04 May 2023 21:37:03 +0000
Severity: critical Affected versions: - Apache Ranger Hive Plugin 2.0.0 through 2.3.0 Description: Incorrect Permission Assignment for Critical Resource vulnerability in Apache Software Foundation Apache Ranger Hive Plugin.This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. This issue is being tracked as RANGER-3474 RANGER-3357 References: https://ranger.apache.org/ https://www.cve.org/CVERecord?id=CVE-2021-40331 https://issues.apache.org/jira/browse/RANGER-3474 https://issues.apache.org/jira/browse/RANGER-3357
Current thread:
- CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled Ramesh Mani (May 04)