CVE-2017-12625

Опубликовано: 01 нояб. 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

Ссылки

http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E
Mailing List
Vendor Advisory
http://www.securityfocus.com/bid/101686
Third Party Advisory
VDB Entry
http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E
Mailing List
Vendor Advisory
http://www.securityfocus.com/bid/101686
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:hive:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:hive:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:hive:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:hive:2.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00468

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-2g9q-chq2-w8qw