CVE-2014-0228

Опубликовано: 16 нояб. 2014

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

Ссылки

http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g%40mail.gmail.com%3E
http://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html
http://www.securityfocus.com/archive/1/532418/100/0/threaded
http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g%40mail.gmail.com%3E
http://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html
http://www.securityfocus.com/archive/1/532418/100/0/threaded

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*

Версия до 0.13.0 (включая)

EPSS

Процентиль: 55%

0.00322

Низкий

3.5 Low

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-w4x9-4f5x-8jj8

github

около 7 лет назад

Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service