FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

hive -- authorization logic vulnerability

Affected packages
hive < 2.0.0


VuXML ID a5c204b5-4153-11e6-8dfe-002590263bf5
Discovery 2016-01-28
Entry 2016-07-03

Sushanth Sowmyan reports:

Some partition-level operations exist that do not explicitly also authorize privileges of the parent table. This can lead to issues when the parent table would have denied the operation, but no denial occurs because the partition-level privilege is not checked by the authorization framework, which defines authorization entities only from the table level upwards.


CVE Name CVE-2015-7521