CVE-2018-11777
Improper Authentication in hive:hive-exec
8.1
HIGH
CVSS 3.1
EPSS 0.25%
Description
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.
How to fix CVE-2018-11777
To remediate CVE-2018-11777, upgrade the affected package to a fixed version below.
- Maven/org.apache.hive:hive-exec—upgrade to 3.1.1 or later
Is CVE-2018-11777 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 3.0.0, < 3.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.1 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |