[java-sig-commits] [Bug 1303041] New: CVE-2015-7521 Apache Hive: authorization vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=1303041 Bug ID: 1303041 Summary: CVE-2015-7521 Apache Hive: authorization vulnerability Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: java-sig-commits(a)lists.fedoraproject.org, me(a)coolsvap.net, moceap(a)hotmail.com, pmackinn(a)redhat.com The following flaw was reported in Apache Hive: Some partition-level operations exist that do not explicitly also authorize privileges of the parent table. This can lead to issues when the parent table would have denied the operation, but no denial occurs because the partition-level privilege is not checked by the authorization framework, which defines authorization entities only from the table level upwards. This issue is known to affect Hive clusters protected by both Ranger as well as SqlStdHiveAuthorization. External reference: http://seclists.org/bugtraq/2016/Jan/157 -- You are receiving this mail because: You are on the CC list for the bug.