Security Vulnerability Update - April 28, 2016

Blog Post created by wade on Apr 30, 2016

Security Vulnerability Update


A security vulnerability exists in Hive products using SqlStdHiveAuthorization, including versions of Hive that are distributed and supported by MapR.


Why is this important to me?


Clusters running Hive with SqlStdHiveAuthorization are vulnerable. Specifically, authorization checks may not occur for partition-level operations. See also HIVE-12875 and this article.


Severity: High


Products Affected:


Hive 0.13

Hive 1.0

Hive 1.2




This vulnerability allows unauthorized disclosure of information, unauthorized modification of data, and possible disruption of service.


Immediate Action Required:


Customers should download the 1603 version of Hive from http://package.mapr.com/releases/ or request it from support@mapr.com


For any questions or concerns regarding this notificiation please contact MapR Support.


MapR Support