Home > Vulnerability Database > CVE-2021-34538

Mend.io Vulnerability Database

CVE-2021-34538

Good to know:

Date: July 16, 2022

Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious.

Language: Java

Severity Score

7.5

Related Resources (3)

Url: https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-34538

Url: https://www.mend.io/vulnerability-database/CVE-2021-34538

Severity Score

7.5

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

Top Fix

Upgrade Version

Upgrade to version org.apache.hive:hive-standalone-metastore:3.1.3;org.apache.hive:hive-metastore:3.1.3

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-34538

Good to know:

Date: July 16, 2022

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?