Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVndm0taHJ3NS1oNnhm
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.
Permalink: https://github.com/advisories/GHSA-5gvm-hrw5-h6xfJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVndm0taHJ3NS1oNnhm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 5 years ago
Updated: over 1 year ago
CVSS Score: 7.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Identifiers: GHSA-5gvm-hrw5-h6xf, CVE-2015-1772
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-1772
- https://github.com/advisories/GHSA-5gvm-hrw5-h6xf
- https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
- http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3CCAOpgucy52yzNN1FaRcxwhZmx8ZtNRjmK6V0Bxk4svAD-R1q70Q@mail.gmail.com%3E
- http://www-01.ibm.com/support/docview.wss?uid=swg21969546
- http://www.securitytracker.com/id/1034365
Affected Packages
maven:org.apache.hive:hive-service
Dependent packages: 150Dependent repositories: 962
Downloads:
Affected Version Ranges: = 1.1.0, = 1.0.0
Fixed in: 1.1.1, 1.0.1
All affected versions: 1.0.0, 1.1.0
All unaffected versions: 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 1.0.1, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3
maven:org.apache.hive:hive-exec
Dependent packages: 428Dependent repositories: 3,002
Downloads:
Affected Version Ranges: = 1.1.0, = 1.0.0
Fixed in: 1.1.1, 1.0.1
All affected versions: 1.0.0, 1.1.0
All unaffected versions: 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 1.0.1, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3
maven:org.apache.hive:hive
Dependent packages: 2Dependent repositories: 7
Downloads:
Affected Version Ranges: = 1.1.0, = 1.0.0
Fixed in: 1.1.1, 1.0.1
All affected versions: 1.0.0, 1.1.0
All unaffected versions: 0.13.0, 0.13.1, 0.14.0, 1.0.1, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0