Описание
Apache Hive Information Exposure and Observable Timing Discrepancy
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8
Пакеты
Наименование
org.apache.hive:hive
maven
Затронутые версииВерсия исправления
< 2.3.8
2.3.8
Связанные уязвимости
CVSS3: 5.9
nvd
почти 5 лет назад
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8