CVE-2021-34538
Published: Jul 16, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
In Apache Hive before 3.1.3, the "CREATE" and "DROP" function operations do not check for the necessary authorization of the entities involved in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs, pointing them to new jars that could potentially be malicious.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Hive | affected Apache Hive - < 3.1.3 |
Weaknesses (CWE)
References
https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354
x_refsource_MISC