The vulnerability stems from missing authorization checks for the ALTERTABLE_OWNER operation in the checkPrivileges method. The commit diff shows the addition of an else-if branch specifically for ALTERTABLE_OWNER, which constructs an access request requiring ALTER permission. Prior to this fix, the absence of this handling allowed users with only SELECT privileges to perform ownership changes, violating proper permission assignment. The targeted patch and CVE description confirm this was the root cause.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.ranger:ranger-hive-plugin | maven | >= 2.0.0, < 2.4.0 | 2.4.0 |
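
The missing branch described above can be seen in a simplified model. This is an added example, not Ranger's code or the patch itself: the class, enum, method and policy names are hypothetical, the policy data is constructed, and it assumes that an operation with no matching branch produces no access request (Java 16+ for `record`).

```java
import java.util.*;

// Simplified model of the flaw; every name here is hypothetical, not Ranger's API.
public class OwnerChangeAuthzDemo {
    enum Op { QUERY, ALTERTABLE_ADDCOLS, ALTERTABLE_OWNER }
    enum Access { SELECT, ALTER }

    record Request(String user, String table, Access access) {}

    // Constructed policy store: user -> table -> granted access types.
    static final Map<String, Map<String, Set<Access>>> POLICIES = Map.of(
        "analyst", Map.of("sales.orders", EnumSet.of(Access.SELECT)),
        "dba", Map.of("sales.orders", EnumSet.of(Access.SELECT, Access.ALTER)));

    // Maps an operation to the access requests that must all be satisfied.
    static List<Request> buildRequests(Op op, String user, String table, boolean patched) {
        List<Request> requests = new ArrayList<>();
        if (op == Op.QUERY) {
            requests.add(new Request(user, table, Access.SELECT));
        } else if (op == Op.ALTERTABLE_ADDCOLS) {
            requests.add(new Request(user, table, Access.ALTER));
        } else if (patched && op == Op.ALTERTABLE_OWNER) {
            // Patched behaviour: an ownership change requires ALTER on the table.
            requests.add(new Request(user, table, Access.ALTER));
        }
        return requests; // unpatched: empty for ALTERTABLE_OWNER
    }

    static boolean checkPrivileges(Op op, String user, String table, boolean patched) {
        for (Request r : buildRequests(op, user, table, patched)) {
            Set<Access> granted = POLICIES.getOrDefault(r.user(), Map.of())
                                          .getOrDefault(r.table(), Set.of());
            if (!granted.contains(r.access())) return false;
        }
        return true; // no request built means nothing was evaluated
    }

    public static void main(String[] args) {
        for (boolean patched : new boolean[] {false, true}) {
            for (String user : List.of("analyst", "dba")) {
                boolean ok = checkPrivileges(Op.ALTERTABLE_OWNER, user, "sales.orders", patched);
                System.out.printf("patched=%b user=%s ALTERTABLE_OWNER allowed=%b%n",
                                  patched, user, ok);
            }
        }
    }
}
```

In the unpatched mode the SELECT-only `analyst` passes the check because no request is ever evaluated; with the branch present, only the user holding ALTER is allowed.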