CVE-2017-12625
MEDIUMApache Hive <2.1.2, <2.2.1, <2.3.1 - Sensitive Information Exposure via Masking Bypass
Title source: llmDescription
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
References (2)
Core 2
Core References
Mailing List, Vendor Advisory mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101686
Scores
CVSS v3
4.3
EPSS
0.0047
EPSS Percentile
64.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (10)
apache/hive
2.1.0
apache/hive
2.1.1
apache/hive
2.2.0
apache/hive
2.3.0
Apache Software Foundation/Apache Hive
2.1.x before 2.1.2
Apache Software Foundation/Apache Hive
2.2.x before 2.2.1
Apache Software Foundation/Apache Hive
2.3.0
org.apache.hive/hive
2.1.0 - 2.1.2Maven
org.apache.hive/hive-exec
2.1.0 - 2.1.2Maven
org.apache.hive/hive-service
2.1.0 - 2.1.2Maven
Published
Nov 01, 2017
Tracked Since
Feb 18, 2026