{"containers": {"cna": {"affected": [{"product": "Apache Hive", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "2.1.x before 2.1.2"}, {"status": "affected", "version": "2.2.x before 2.2.1"}, {"status": "affected", "version": "2.3.0"}]}], "datePublic": "2017-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-08T10:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[hive-user] 20171031 [CVE-2017-12625] Apache Hive information disclosure vulnerability for column masking", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E"}, {"name": "101686", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101686"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-10-31T00:00:00", "ID": "CVE-2017-12625", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Hive", "version": {"version_data": [{"version_value": "2.1.x before 2.1.2"}, {"version_value": "2.2.x before 2.2.1"}, {"version_value": "2.3.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "[hive-user] 20171031 [CVE-2017-12625] Apache Hive information disclosure vulnerability for column masking", "refsource": "MLIST", "url": "http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E"}, {"name": "101686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101686"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:43:56.312Z"}, "title": "CVE Program Container", "references": [{"name": "[hive-user] 20171031 [CVE-2017-12625] Apache Hive information disclosure vulnerability for column masking", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E"}, {"name": "101686", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101686"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-12625", "datePublished": "2017-11-01T13:00:00Z", "dateReserved": "2017-08-07T00:00:00", "dateUpdated": "2024-09-16T22:30:24.930Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hive:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "72D220DC-2FC4-478E-904D-7E525CEE3220", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hive:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC7E998-E232-4F9F-A410-A62DC7849D40", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hive:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C5C3B01-D22C-49BD-AD7B-E19E7AA4D498", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:hive:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A4A04E3-9831-4D44-933C-A480573D6799", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns."}, {"lang": "es", "value": "Apache Hive, en versiones 2.1.x anteriores a la 2.1.2, versiones 2.2.x anteriores a la 2.2.1 y versiones 2.3.x anteriores a la 2.3.1 expone una interfaz en la que las pol\u00edticas de enmascaramiento pueden definirse en tablas o vistas. Por ejemplo, utilizando Apache Ranger. Cuando se crea una vista en una determinada tabla, no se lleva a cabo correctamente el cumplimiento de pol\u00edticas en la tabla para las columnas enmascaradas."}], "id": "CVE-2017-12625", "lastModified": "2024-11-21T03:09:55.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-01T13:29:00.583", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101686"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101686"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}