An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled
This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.


Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-10-11T17:07:19.817Z

Reserved: 2021-08-31T09:23:23.832Z

Link: CVE-2021-40331

cve-icon Vulnrichment

Updated: 2024-08-04T02:27:31.979Z

cve-icon NVD

Status : Modified

Published: 2023-05-05T08:15:08.683

Modified: 2024-11-21T06:23:52.733

Link: CVE-2021-40331

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.