https://bugzilla.redhat.com/show_bug.cgi?id=1303041
Bug ID: 1303041
Summary: CVE-2015-7521 Apache Hive: authorization vulnerability
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: java-sig-commits(a)lists.fedoraproject.org,
me(a)coolsvap.net, moceap(a)hotmail.com,
pmackinn(a)redhat.com
The following flaw was reported in Apache Hive:
Some partition-level operations exist that do not explicitly also
authorize privileges of the parent table. This can lead to issues when
the parent table would have denied the operation, but no denial occurs
because the partition-level privilege is not checked by the
authorization framework, which defines authorization entities only
from the table level upwards.
This issue is known to affect Hive clusters protected by both Ranger
as well as SqlStdHiveAuthorization.
External reference:
http://seclists.org/bugtraq/2016/Jan/157
--
You are receiving this mail because:
You are on the CC list for the bug.