CVE-2020-1926
Description
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.478
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-1926 are fixed in Apache-hive 2.3.8 | Windows |
| Vulnerabilities CVE-2020-1926 are fixed in Apache-hive for Linux 2.3.8 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234