orbisai0security opened a new pull request, #55700: URL: https://github.com/apache/spark/pull/55700
## Summary

Fix critical severity security issue in `sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java`.

## Vulnerability

| Field | Value |
|-------|-------|
| **ID** | V-001 |
| **Severity** | CRITICAL |
| **Scanner** | multi_agent_ai |
| **Rule** | `V-001` |
| **File** | `sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java:97` |

**Description**: The Hive Thrift Server's LDAP authentication provider constructs LDAP directory queries using user-supplied credentials (username) without sanitizing LDAP special characters. An attacker can supply a crafted username such as 'admin)(|(uid=*))' to modify the LDAP filter logic, potentially bypassing the password check entirely or enumerating LDAP directory entries. The InitialDirContext at line 97 is initialized with environment properties that include unsanitized user-supplied values, and any LDAP search filters built from the username are vulnerable to injection.

## Changes

- `sql/hive-thriftserver/src/main/java/org/apache/hive/service/auth/LdapAuthenticationProviderImpl.java`

## Verification

- [x] Build passes
- [x] Scanner re-scan confirms fix
- [x] LLM code review passed

---

*Automated security fix by [OrbisAI Security](https://orbisappsec.com)*

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
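The defensive side of the finding above, as an added example that is neither the pull request's diff nor Hive's own `LdapAuthenticationProviderImpl`: an LDAP provider that places a username into a search filter needs RFC 4515 filter escaping, one that builds a bind DN from it needs RFC 4514 DN escaping, and either is better preceded by an allowlist check that rejects a value needing escaping at all. The class name, the method names, the `uid` attribute, the example base DN and the username pattern are all assumptions of this example, not taken from the PR or from Hive.

```java
import java.util.regex.Pattern;

/**
 * Added example (not code from the PR or from Hive): escaping helpers for
 * user-supplied values that end up inside an LDAP search filter (RFC 4515)
 * or inside a bind DN (RFC 4514), plus an allowlist check for usernames.
 * Class name, method names and the username pattern are assumptions.
 */
public final class LdapValueEscaper {

    /** Characters a username may contain before any LDAP string is built.
     *  This pattern is a site-policy assumption, not something taken from Hive. */
    private static final Pattern PLAIN_USERNAME = Pattern.compile("[A-Za-z0-9._@-]{1,256}");

    private LdapValueEscaper() {}

    /** RFC 4515 section 3: escape a value placed inside a search filter such as (uid=VALUE). */
    public static String escapeFilterValue(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;   // the escape character itself
                case '*':  sb.append("\\2a"); break;   // would turn an equality match into a wildcard
                case '(':  sb.append("\\28"); break;   // filter grouping
                case ')':  sb.append("\\29"); break;   // filter grouping
                case '\0': sb.append("\\00"); break;   // NUL must be hex-escaped
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** RFC 4514 section 2.4: escape a value used as an attribute value in a DN, e.g. uid=VALUE,ou=people. */
    public static String escapeDnValue(String value) {
        if (value == null) {
            return "";
        }
        int len = value.length();
        StringBuilder sb = new StringBuilder(len + 8);
        for (int i = 0; i < len; i++) {
            char c = value.charAt(i);
            switch (c) {
                case ',': case '+': case '"': case '\\': case '<': case '>': case ';':
                    sb.append('\\').append(c);         // RDN separators and quoting characters
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                case '#':
                    sb.append(i == 0 ? "\\#" : "#");   // only a leading '#' is special
                    break;
                case ' ':
                    sb.append(i == 0 || i == len - 1 ? "\\ " : " "); // only leading/trailing space
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Defence in depth: reject usernames that would need escaping at all, before touching LDAP. */
    public static boolean isPlainUsername(String username) {
        return username != null && PLAIN_USERNAME.matcher(username).matches();
    }

    /** The kind of filter the PR description refers to, with the user value escaped (uid is an assumption). */
    public static String userSearchFilter(String username) {
        return "(uid=" + escapeFilterValue(username) + ")";
    }

    /** A bind DN built from the username, with the user value escaped (base DN is an assumption). */
    public static String userBindDn(String username) {
        return "uid=" + escapeDnValue(username) + ",ou=people,dc=example,dc=com";
    }

    public static void main(String[] args) {
        String crafted = "admin)(|(uid=*))";   // the probe string quoted in the PR description
        System.out.println("allowlist accepts crafted value: " + isPlainUsername(crafted));
        System.out.println("escaped filter: " + userSearchFilter(crafted));
        System.out.println("escaped bind DN: " + userBindDn(crafted + ",ou=admins"));
        System.out.println("plain user filter: " + userSearchFilter("alice"));
        System.out.println("plain user bind DN: " + userBindDn("alice"));
    }
}
```

The two escapers are deliberately separate: a value that is safe inside a filter is not automatically safe inside a DN, since the two grammars reserve different characters. The allowlist check is the cheaper control and the easier one to reason about in review; escaping remains necessary for deployments where the directory legitimately holds usernames with punctuation.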
