Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-rrfq-g5fq-fc9c

GitHub Security Advisory

Improper Authentication in hive:hive-exec

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Affected Packages

Maven org.apache.hive:hive-exec
Affected versions: 3.0.0 (fixed in 3.1.1)
Maven org.apache.hive:hive-exec
Affected versions: 0 (fixed in 2.3.4)

Related CVEs

CVE-2018-11777

Key Information

GHSA ID
GHSA-rrfq-g5fq-fc9c
Published
November 21, 2018 10:25 PM
Last Modified
September 14, 2022 10:08 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.apache.hive:hive-exec
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.