ID CVE-2018-1314
Summary In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
Vulnerable Configurations
  • cpe:2.3:a:apache:hive:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:hive:3.1.0:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 105884
misc https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E
Last major update 03-10-2019 - 00:03
Published 08-11-2018 - 14:29
Last modified 03-10-2019 - 00:03