Authorization Vulnerability for Hive Partition-Level Operations

This section describes an authorization security issue with Hive.

Vulnerability A security vulnerability exists in Hive products using SqlStdHiveAuthorization, including versions of Hive that are distributed and supported by MapR.
Details Clusters running Hive with SqlStdHiveAuthorization are vulnerable. Specifically, authorization checks may not occur for partition-level operations. See also HIVE-12875 and this article.
Products Affected Hive 0.13, Hive 1.0, and Hive 1.2
Impact This vulnerability allows unauthorized disclosure of information, unauthorized modification of data, and possible disruption of service.
Severity High
Bug Tracking MapR bug 22701; see also HIVE-12875
Immediate Action Required Customers should download the 1603 version of Hive from http://package.mapr.com/releases/ or request it from support@mapr.com
Patch The 1603 ecosystem release from MapR contains patches for this vulnerability for Hive 0.13, Hive 1.0 and Hive 1.2 . Download the latest mapr-ecosystem RPM for your operating system from one of the following locations: