Terry, Yes this is seen with SQL stardard authorization, Ranger and I
suppose Sentry based authorization as well.
Hive was not passing the table objects to the authorization plugin
implementations during authorization api calls.
On Wed, Nov 7, 2018 at 1:49 PM Terry wrote:
>
> Daniel - Is this
Daniel - Is this happening when beeline security is enabled? Can you
provide a link for more info on this?
On Wed, Nov 7, 2018 at 14:25 Daniel Dai wrote:
> CVE-2018-1314: Hive explain query not being authorized
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions
CVE-2018-1314: Hive explain query not being authorized
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: This vulnerability affects all versions of Hive,
including 2.3.3, 3.1.0 and earlier
Description: Hive "EXPLAIN" operation does not check for necessary