What is CVE-2018-11777?

CVE-2018-11777 is a high-severity vulnerability in Apache Hive. CVSS score: 8.1/10. Published 2018-11-08.

How severe is CVE-2018-11777?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2018-11777 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Hive

CVE-2018-11777

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

EPSS: 0.023 (81.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Apache Hive
Apache Software Foundation Hive — versions All versions of Hive, including 2.3.3, 3.1.0 and earlier

Public proof-of-concept exploits

yahoo/hive-funnel-udf

References

security@apache.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security@apache.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-11777?: CVE-2018-11777 is a high-severity vulnerability in Apache Hive. CVSS score: 8.1/10. Published 2018-11-08.
How severe is CVE-2018-11777?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2018-11777 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.