What is CVE-2021-34538?

CVE-2021-34538 is a high-severity vulnerability in Apache Hive, classified under Missing Authentication for Critical Function. CVSS score: 7.5/10. Published 2022-07-16.

How severe is CVE-2021-34538?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Apache Hive

CVE-2021-34538

Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privile…

Vulnerability class: Broken Authentication

EPSS: 0.013 (67.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Apache Hive
Apache Software Foundation Hive — versions Apache Hive

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

security@apache.org (Mailing List, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-34538?: CVE-2021-34538 is a high-severity vulnerability in Apache Hive, classified under Missing Authentication for Critical Function. CVSS score: 7.5/10. Published 2022-07-16.
How severe is CVE-2021-34538?: High severity. CVSS v3 base score is 7.5 out of 10.