What is CVE-2020-1926?

CVE-2020-1926 is a medium-severity vulnerability in Apache Hive, classified under CWE-208. CVSS score: 5.9/10. Published 2021-03-16.

How severe is CVE-2020-1926?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Apache Hive

CVE-2020-1926

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8

EPSS: 0.025 (82.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Apache Hive
Apache Software Foundation Hive — versions Apache Hive

Weakness classification (CWE)

References

security@apache.org (Patch, x_refsource_MISC, Issue Tracking, Vendor Advisory)
security@apache.org (Patch, Mailing List, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-1926?: CVE-2020-1926 is a medium-severity vulnerability in Apache Hive, classified under CWE-208. CVSS score: 5.9/10. Published 2021-03-16.
How severe is CVE-2020-1926?: Medium severity. CVSS v3 base score is 5.9 out of 10.