CVE & CISA-KEV Catalog

CVE-2021-28131

HIGHEPSS 87th pctl
7.5
CVSS v3
NVD

Description

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the attacker is able to execute statements for which they don't have the necessary privileges otherwise. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. Mitigation: If an Impala deployment uses Apache Sentry, Apache Ranger or audit logging, then users should upgrade to a version of Impala with the fix for IMPALA-10600. The Impala 4.0 release includes this fix. This hides session secrets from the logs to eliminate the risk of any attack using this mechanism. In lieu of an upgrade, restricting access to logs that expose secrets will reduce the risk of an attack. Restricting access to the Impala deployment to trusted users will also reduce the risk of an attack. Log redaction techniques can be used to redact secrets from the logs.

How to fix

Remediation Available
impalaNVD
Affected:< 4.0.0Fixed in:4.0.0CVE-2021-28131derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

3.32%probability of exploitation in 30 days
87thpercentile

Elevated risk: more likely to be exploited than 87% of all known CVEs.

References

Vendor Advisory1
Third-Party Advisory1
Other references1
Embed a live status badge for CVE-2021-28131
CVE-2021-28131 severity badge

Markdown

[![CVE-2021-28131](https://tridentstack.com/cve/badge/CVE-2021-28131.svg)](https://tridentstack.com/cve/CVE-2021-28131)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-28131"><img src="https://tridentstack.com/cve/badge/CVE-2021-28131.svg" alt="CVE-2021-28131"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.