CVE-2021-28131 affects Apache Impala: session secrets exposed in logs enable session hijacking and unauthorized actions. Upgrade to Impala 4.0 to safeguard your deployment.
Impala sessions use a 16-byte secret for user verification, but these secrets are exposed in logs. An attacker with log access can hijack sessions and execute unauthorized statements, potentially escalating privileges. Users are advised to upgrade to Impala 4.0, which prevents exposure of the secrets in logs, or to restrict log access to mitigate the risk.
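
For deployments that cannot upgrade yet, the log-access mitigation can be checked with a small audit of the log directory's permissions. This is an added example, not part of the advisory or the Impala project; the function names are hypothetical and the log directory is passed in by the operator, since no default path is assumed here.

```shell
#!/bin/sh
# Added example: audit an Impala log directory for files that accounts
# other than the owner can read. The directory is supplied by the caller.
# Assumption: log file names contain no newline characters.

# Print log files readable by "other" (mode bit 004), one per line.
world_readable_logs() {
    find "$1" -type f -perm -004 -print
}

# Print log files readable by the owning group (mode bit 040).
group_readable_logs() {
    find "$1" -type f -perm -040 -print
}

# Count non-empty lines on stdin; always succeeds, prints 0 for no input.
count_lines() {
    grep -c . || true
}

# Report who can read the logs. Returns 0 only when no file is
# world-readable, so the check can gate a cron job or deployment step.
audit_impala_logs() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    world=$(world_readable_logs "$dir" | count_lines)
    group=$(group_readable_logs "$dir" | count_lines)
    echo "world-readable log files: $world"
    echo "group-readable log files: $group (review group membership)"
    world_readable_logs "$dir" | sed 's/^/  other can read: /'
    [ "$world" -eq 0 ]
}

# Remove all access for "other" from the directory and everything in it.
restrict_impala_logs() {
    chmod -R o-rwx "$1"
}

# Run the audit when a directory is given on the command line.
[ $# -eq 0 ] || audit_impala_logs "$1"
```

Group-readable files are reported rather than changed, because membership of the owning group decides whether that access is acceptable. Copies of the logs shipped to a central log store need the same review.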