CVE-2020-1926

Опубликовано: 16 мар. 2021

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8

Ссылки

https://issues.apache.org/jira/browse/HIVE-22708
Issue Tracking
Patch
Vendor Advisory
https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E
Mailing List
Patch
Vendor Advisory
https://issues.apache.org/jira/browse/HIVE-22708
Issue Tracking
Patch
Vendor Advisory
https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E
Mailing List
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*

Версия до 2.3.8 (исключая)

EPSS

Процентиль: 64%

0.00478

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-208

CWE-203

Связанные уязвимости

GHSA-54g4-5cf6-hjp3