CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled

Ramesh Mani Thu, 04 May 2023 14:37:25 -0700

Severity: critical

Affected versions:


- Apache Ranger Hive Plugin 2.0.0 through 2.3.0

Description:

Incorrect Permission Assignment for Critical Resource vulnerability in Apache 
Software Foundation Apache Ranger Hive Plugin.This issue affects Apache Ranger 
Hive Plugin: from 2.0.0 through 2.3.0.

This issue is being tracked as RANGER-3474 RANGER-3357 

References:

https://ranger.apache.org/
https://www.cve.org/CVERecord?id=CVE-2021-40331
https://issues.apache.org/jira/browse/RANGER-3474
https://issues.apache.org/jira/browse/RANGER-3357

CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled

Reply via email to