CVE-2020-1926: Information Exposure

March 16, 2021 (updated March 22, 2021)

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive

References

issues.apache.org/jira/browse/HIVE-22708
lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2020-1926

Detect and mitigate CVE-2020-1926 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →