Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Apache Ranger Hive Plugin by Apache Software Foundation

    CVE-2021-40331 (GCVE-0-2021-40331)

    Vulnerability from nvd – Published: 2023-05-05 07:55 – Updated: 2024-10-11 17:07
    VLAI
    Title
    Permissions problem in the Apache Ranger Hive Plugin
    Summary
    An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Ranger Hive Plugin Affected: 2.0.0 , ≤ 2.3.0 (semver)
    Create a notification for this product.
    apache ranger Affected: 2.0.0 , ≤ 2.3.0 (custom)
        cpe:2.3:a:apache:ranger:*:*:*:*:*:hive:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:27:31.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apache:ranger:*:*:*:*:*:hive:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ranger",
                "vendor": "apache",
                "versions": [
                  {
                    "lessThanOrEqual": "2.3.0",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40331",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T17:06:08.372365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T17:07:19.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Ranger Hive Plugin",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled\u003cbr\u003e\u003cp\u003eThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled\nThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.\n\n\n"
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "critical"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-05T07:55:06.554Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn"
            }
          ],
          "source": {
            "defect": [
              "RANGER-3474",
              "RANGER-3357"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Permissions problem in the Apache Ranger Hive Plugin",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-40331",
        "datePublished": "2023-05-05T07:55:06.554Z",
        "dateReserved": "2021-08-31T09:23:23.832Z",
        "dateUpdated": "2024-10-11T17:07:19.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-40331 (GCVE-0-2021-40331)

    Vulnerability from cvelistv5 – Published: 2023-05-05 07:55 – Updated: 2024-10-11 17:07
    VLAI
    Title
    Permissions problem in the Apache Ranger Hive Plugin
    Summary
    An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Ranger Hive Plugin Affected: 2.0.0 , ≤ 2.3.0 (semver)
    Create a notification for this product.
    apache ranger Affected: 2.0.0 , ≤ 2.3.0 (custom)
        cpe:2.3:a:apache:ranger:*:*:*:*:*:hive:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:27:31.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apache:ranger:*:*:*:*:*:hive:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ranger",
                "vendor": "apache",
                "versions": [
                  {
                    "lessThanOrEqual": "2.3.0",
                    "status": "affected",
                    "version": "2.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-40331",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T17:06:08.372365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T17:07:19.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Ranger Hive Plugin",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled\u003cbr\u003e\u003cp\u003eThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled\nThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.\n\n\n"
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "critical"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-05T07:55:06.554Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/s68yls6cnkdmzn1k4hqt50vs6wjvt2rn"
            }
          ],
          "source": {
            "defect": [
              "RANGER-3474",
              "RANGER-3357"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Permissions problem in the Apache Ranger Hive Plugin",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-40331",
        "datePublished": "2023-05-05T07:55:06.554Z",
        "dateReserved": "2021-08-31T09:23:23.832Z",
        "dateUpdated": "2024-10-11T17:07:19.817Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }