CVE-2021-34538 is a vulnerability in Apache Hive
Published on July 16, 2022
Apache Hive Security vulnerability in Hive with UDFs
Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2021-34538
Want to know whenever a new CVE is published for Apache Hive? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Hive:- Version Apache Hive and below 3.1.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.