Security Advisory

CVE-2020-1926

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-16 13:00:16

Last updated 2025-02-13 16:27:38

Assigner apache

State PUBLISHED

Description

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8

← Browse all CVEs View on cve.org ↗