Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.
Vector
NETWORK
Complexity
LOW
Authentication
SINGLE_INSTANCE
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE
Advisory | Patch | Confirmed | Link |
---|---|---|---|
105742 | |||
https://lists.apache.org/thread.html/cba8f18df15af862aa0... |