CVE-2017-12625: Exposure of Sensitive Information to an Unauthorized Actor

March 14, 2019 (updated August 30, 2021)

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

References

github.com/advisories/GHSA-2g9q-chq2-w8qw
nvd.nist.gov/vuln/detail/CVE-2017-12625

Detect and mitigate CVE-2017-12625 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →