vulnerability

FreeBSD: hive -- authorization logic vulnerability (CVE-2015-7521)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Jan 29, 2016	Jul 4, 2016	Oct 30, 2017

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jan 29, 2016

Added

Jul 4, 2016

Modified

Oct 30, 2017

Description

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

Solution

freebsd-upgrade-package-hive

References

CVE-2015-7521
https://attackerkb.com/topics/CVE-2015-7521
URL-http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB%40minotaur.apache.org%3E

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today