Vulnerability Details : CVE-2018-11777
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.
Products affected by CVE-2018-11777
- cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-11777
0.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-11777
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
8.0
|
4.9
|
NIST | |
|
8.1
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
2.8
|
5.2
|
NIST |
References for CVE-2018-11777
-
http://www.securityfocus.com/bid/105886
Apache Hive CVE-2018-11777 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E
[SECURITY] CVE-2018-11777: Blocking local resource access in HiveServer2 - Pony MailMitigation;Mailing List;Vendor Advisory
Jump to