[SECURITY] CVE-2018-1314: Hive explain query not being authorized

[SECURITY] CVE-2018-1314: Hive explain query not being authorized

Hive, Explain, All, Table, Query, Apache, Arbitrary, Entities, Involved, View, Unauthorized, Usercan, Statistics, Shall, Upgrade, Laterzdroj, Users, Mitigation, Metadataand, Necessaryauthorization, Expose, Earlierdescription

CVE-2018-1314: Hive explain query not being authorizedSeverity: ImportantVendor: The Apache Software FoundationVersions


CVE-2018-1314: Hive explain query not being authorized
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: This vulnerability affects all versions of Hive,
including 2.3.3, 3.1.0 and earlier
Description: Hive "EXPLAIN" operation does not check for necessary
authorization of involved entities in a query. An unauthorized user
can do "EXPLAIN" on arbitrary table or view and expose table metadata
and statistics.
Mitigation: all Hive users shall upgrade to 2.3.4 or 3.1.1 or later

Zdroj: Apache

2018-11-07 22:24:03 1522 415Facebook | Twitter | Google+ | LinkedIn
Web PHP developer Milan Jankovec

<Milan Jankovec> Full Stack Web Developer

Vytváram webové stránky a aplikácie na mieru. Čistý a validný HTML5 kód na každej platforme, moderné animované CSS3 štýly a neuveriteľné JavaScript kúzla. Bezpečný a rýchly PHP kód bez obmedzení s geniálnou architektúrou databáz.

Najčítanejšie články

What's New in MySQL 5.6 Release Candidate

The MySQL 5.6 Release Candidate is an aggregation of the previous MySQL 5.6 Development Milestone Releases (DMR) and provides a true functio... čítať viac

MySQL 5.6: Improvements in Thread Pool

MySQL Thread Pool has now been updated for the MySQL 5.6 version. Obviously, with the much higher concurrency of the MySQL Server in 5.6 its... čítať viac

DBA and Developer Guide to MySQL 5.6

MySQL is the most trusted and depended-on open source database platform in use today. As such, 9 out of the top 10 most popular and highly-t... čítať viac

MySQL Applier for Hadoop

To support the growing emphasis on real-time operations, MySQL is releasing a new MySQL Applier for Hadoop to enable the replication of even... čítať viac

MySQL Cluster 7.3 GA: Increasing Developer Flexibility and Simplicity

The MySQL team at Oracle are excited to announce the immediate availability of the MySQL Cluster 7.3 Development Milestone Release GA releas... čítať viac

MySQL Cluster Auto-Installer: Video Tutorial

Learn how easy it is to deploy a MySQL Cluster database that has been configured to best meet your applications needs within your environmen... čítať viac

MySQL Replication Utilities: Video Tutorial

Learn how to use MySQL 5.6 and the MySQL Utilities to setup, monitor and manage your MySQL replication topology. See how a single command ca... čítať viac

MySQL 5.6 Replication - Enabling the Next Generation of Web & Cloud Services

The new MySQL 5.6.5 Development Milestone Release (DMR) introduces a much anticipated feature - Global Transaction Identifiers (GTIDs) for M... čítať viac

Dnešný výber

The Apache News Round-up: week ending 30 December 2016

[this announcement is available online at https://s.apache.org/fleT ]Its a wrap! The Apache communitys final activities... čítať viac

Ubuntu - Fing: future-proofing Fingbox the IoT home network monitoring device

As many as 20.4 billion internet of things devices are estimated to be in use by 2020, according to Gartner, with consum... čítať viac

BM Top For K2 (Joomla)

Je dostupné nové rozšírenie pre redakčný systém Joomla pod názvom BM Top For K2 (Joomla). BM Top For K2 Support K2 component. - This module ... čítať viac

March Template Competition

The Easter Template Competition is now under way!Hope you all enter and try and win our special prize!Enter Here:https://www.opencart.com/in... čítať viac

Christmas Snowfall (Joomla)

Joomla extension Christmas Snowfall (Joomla). Easy to use beautiful module to celebrate the joyful Christmas Snowfall.FEATURESOption to defi... čítať viac

Joomir Seo Pagination (Joomla)

Je dostupné nové rozšírenie pre redakčný systém Joomla pod názvom Joomir Seo Pagination (Joomla). Joomla SEO pagination. This plugin solve j... čítať viac

WSE Facebook Like Box (Joomla)

Je dostupné nové rozšírenie pre redakčný systém Joomla pod názvom WSE Facebook Like Box (Joomla). The WSE Facebook Sidebar lets you share yo... čítať viac

Fifa Widget Pack (Joomla)

Je dostupné nové rozšírenie pre redakčný systém Joomla pod názvom Fifa Widget Pack (Joomla). Display easily 4 kinds of FIFAs Widget ! - Late... čítať viac