CVE-2017-12625

MEDIUM

Apache Hive < 2.1.2 - Information Disclosure

Title source: rule

Description

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

References (2)

[Mailing List, Vendor Advisory] http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101686

Scores

CVSS v3 4.3

EPSS 0.0047

EPSS Percentile 64.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (7)

apache/hive

org.apache.hive/hive < 2.1.2Maven

org.apache.hive/hive-exec < 2.1.2Maven

org.apache.hive/hive-service < 2.1.2Maven

Timeline

Published Nov 01, 2017

Tracked Since Feb 18, 2026