CVE-2014-0228: Apache Hive Authorization vulnerability
Vendor: The Apache Software Foundation
Versions affected: Apache Hive 0.13.0
Users affected: Users who have enabled SQL standards based authorization mode.
In SQL standards based authorization mode, the URIs used in Hive
queries are expected to be authorized on the file system permissions.
However, the directory used in import/export statements is not being
authorized. This allows a user who knows the directory to which data
has been exported to import that data into his table. This is possible
if the user HiveServer2 runs as has permissions for that directory and
Mitigation: Users who use SQL standards based authorization should
upgrade to 0.13.1.
Credit: This issue was discovered by Thejas Nair of Hortonworks.
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: GPGTools - https://gpgtools.org
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.