https://bugzilla.redhat.com/show_bug.cgi?id=1509186
Bug ID: 1509186 Summary: CVE-2017-12625 hive: Information disclosure vulnerability for column masking Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: anemec@redhat.com CC: java-sig-commits@lists.fedoraproject.org, me@coolsvap.net, moceap@hotmail.com, pmackinn@redhat.com
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
External References:
http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-8...
https://bugzilla.redhat.com/show_bug.cgi?id=1509186
Andrej Nemec anemec@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1509193
--- Comment #1 from Andrej Nemec anemec@redhat.com --- Created hive tracking bugs for this issue:
Affects: fedora-all [bug 1509193]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1509193 [Bug 1509193] CVE-2017-12625 hive: Information disclosure vulnerability for column masking [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1509186 Bug 1509186 depends on bug 1509193, which changed state.
Bug 1509193 Summary: CVE-2017-12625 hive: Information disclosure vulnerability for column masking [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1509193
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL
https://bugzilla.redhat.com/show_bug.cgi?id=1509186 Bug 1509186 depends on bug 1509193, which changed state.
Bug 1509193 Summary: CVE-2017-12625 hive: Information disclosure vulnerability for column masking [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1509193
What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |NEW Resolution|EOL |---
java-sig-commits@lists.fedoraproject.org