CVE-2020-1926

Published: 2021-03-16T13:15Z

Last Modified: 2024-11-21T05:11Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8 > MITRE Terms of Use apply – see LICENSE‑MITRE.txt