Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJnOXEtY2hxMi13OHF3
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
Permalink: https://github.com/advisories/GHSA-2g9q-chq2-w8qwJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJnOXEtY2hxMi13OHF3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago
CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Percentage: 0.00045
EPSS Percentile: 0.17509
Identifiers: GHSA-2g9q-chq2-w8qw, CVE-2017-12625
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12625
- https://github.com/advisories/GHSA-2g9q-chq2-w8qw
- http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E
- http://www.securityfocus.com/bid/101686
Affected Packages
maven:org.apache.hive:hive-service
Dependent packages: 150Dependent repositories: 962
Downloads:
Affected Version Ranges: = 2.3.0, = 2.2.0, >= 2.1.0, < 2.1.2
Fixed in: 2.3.1, 2.2.1, 2.1.2
All affected versions: 2.1.0, 2.1.1, 2.2.0, 2.3.0
All unaffected versions: 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0, 4.0.1
maven:org.apache.hive:hive-exec
Dependent packages: 428Dependent repositories: 3,002
Downloads:
Affected Version Ranges: = 2.3.0, = 2.2.0, >= 2.1.0, < 2.1.2
Fixed in: 2.3.1, 2.2.1, 2.1.2
All affected versions: 2.1.0, 2.1.1, 2.2.0, 2.3.0
All unaffected versions: 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0, 4.0.1
maven:org.apache.hive:hive
Dependent packages: 2Dependent repositories: 7
Downloads:
Affected Version Ranges: = 2.3.0, = 2.2.0, >= 2.1.0, < 2.1.2
Fixed in: 2.3.1, 2.2.1, 2.1.2
All affected versions: 2.1.0, 2.1.1, 2.2.0, 2.3.0
All unaffected versions: 0.13.0, 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0, 4.0.1