You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ranger.apache.org by 廉立伟 Liwei <li...@jiduauto.com> on 2023/05/06 02:19:16 UTC
答复: CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled
How to upgrade Ranger from 2.1.0 to 2.3.0
发件人: Ramesh Mani <rm...@apache.org>
日期: 星期五, 2023年5月5日 05:37
收件人: announce@apache.org <an...@apache.org>, user@ranger.apache.org <us...@ranger.apache.org>
主题: CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled
Severity: critical
Affected versions:
- Apache Ranger Hive Plugin 2.0.0 through 2.3.0
Description:
Incorrect Permission Assignment for Critical Resource vulnerability in Apache Software Foundation Apache Ranger Hive Plugin.This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0.
This issue is being tracked as RANGER-3474 RANGER-3357
References:
https://ranger.apache.org/
https://www.cve.org/CVERecord?id=CVE-2021-40331
https://issues.apache.org/jira/browse/RANGER-3474
https://issues.apache.org/jira/browse/RANGER-3357
请注意,这是一封外部邮件!请仔细确认邮件来源,并慎重打开邮件相关附件/链接,谨防网络钓鱼攻击。
External email attention! Please carefully confirm the source of the email before opening any attachments/links to avoid phishing attacks.
免责声明:本邮件所包含信息发给指定个人或机构,邮件可能包含保密或专属信息。未经接收者许可,不得阅读、转发或传播邮件内容,或根据邮件内容采取任何相关行动。如果错误地收到了此邮件,请与收件人联系并自行删除邮件内容。 Disclaimer:The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error , please contact the sender and delete the material from any computer.
答复: CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled
Posted by 廉立伟 Liwei <li...@jiduauto.com>.
How to upgrade Ranger-admin from 2.1.0 to 2.4.0
发件人: 廉立伟 Liwei <li...@jiduauto.com>
日期: 星期六, 2023年5月6日 10:19
收件人: user@ranger.apache.org <us...@ranger.apache.org>, announce@apache.org <an...@apache.org>
主题: 答复: CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled
How to upgrade Ranger from 2.1.0 to 2.3.0
发件人: Ramesh Mani <rm...@apache.org>
日期: 星期五, 2023年5月5日 05:37
收件人: announce@apache.org <an...@apache.org>, user@ranger.apache.org <us...@ranger.apache.org>
主题: CVE-2021-40331: Apache Ranger Hive Plugin: Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled
Severity: critical
Affected versions:
- Apache Ranger Hive Plugin 2.0.0 through 2.3.0
Description:
Incorrect Permission Assignment for Critical Resource vulnerability in Apache Software Foundation Apache Ranger Hive Plugin.This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0.
This issue is being tracked as RANGER-3474 RANGER-3357
References:
https://ranger.apache.org/
https://www.cve.org/CVERecord?id=CVE-2021-40331
https://issues.apache.org/jira/browse/RANGER-3474
https://issues.apache.org/jira/browse/RANGER-3357
请注意,这是一封外部邮件!请仔细确认邮件来源,并慎重打开邮件相关附件/链接,谨防网络钓鱼攻击。
External email attention! Please carefully confirm the source of the email before opening any attachments/links to avoid phishing attacks.
免责声明:本邮件所包含信息发给指定个人或机构,邮件可能包含保密或专属信息。未经接收者许可,不得阅读、转发或传播邮件内容,或根据邮件内容采取任何相关行动。如果错误地收到了此邮件,请与收件人联系并自行删除邮件内容。 Disclaimer:The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error , please contact the sender and delete the material from any computer.
请注意,这是一封外部邮件!请仔细确认邮件来源,并慎重打开邮件相关附件/链接,谨防网络钓鱼攻击。
External email attention! Please carefully confirm the source of the email before opening any attachments/links to avoid phishing attacks.