[jira] [Updated] (HIVE-27501) CVE-2022-45868: upgraded h2database version to 2.2.220

Sankar Hariappan (Jira) Thu, 13 Jul 2023 09:33:03 -0700


     [ 
https://issues.apache.org/jira/browse/HIVE-27501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sankar Hariappan updated HIVE-27501:
------------------------------------
    Affects Version/s: 3.1.3

> CVE-2022-45868: upgraded h2database version to 2.2.220
> ------------------------------------------------------
>
>                 Key: HIVE-27501
>                 URL: https://issues.apache.org/jira/browse/HIVE-27501
>             Project: Hive
>          Issue Type: Task
>    Affects Versions: 3.1.3
>            Reporter: Diksha
>            Assignee: Diksha
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 4.0.0
>
>
> The web-based admin console in H2 Database Engine through 2.1.214 can be 
> started via the CLI with the argument -webAdminPassword, which allows the 
> user to specify the password in cleartext for the web admin console. 
> Consequently, a local user (or an attacker that has obtained local access 
> through some means) would be able to discover the password by listing 
> processes and their arguments. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (HIVE-27501) CVE-2022-45868: upgraded h2database version to 2.2.220

Reply via email to