Vulnerabilites related to Apache Software Foundation - Apache Hive
cve-2016-3083
Vulnerability from cvelistv5
Published
2017-05-30 14:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/98669 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: 0.11.0 - 0.14.0 Version: 1.0.0 - 1.2.1 Version: 2.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:15.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[dev] 20170524 CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E"
},
{
"name": "98669",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98669"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.11.0 - 0.14.0"
},
{
"status": "affected",
"version": "1.0.0 - 1.2.1"
},
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"datePublic": "2017-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server\u0027s certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn\u0027t seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-31T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[dev] 20170524 CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192%40%3Cdev.hive.apache.org%3E"
},
{
"name": "98669",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98669"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-3083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_value": "0.11.0 - 0.14.0"
},
{
"version_value": "1.0.0 - 1.2.1"
},
{
"version_value": "2.0.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server\u0027s certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn\u0027t seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20170524 CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0851bcf85635385f94cdaa008053802d92b4aab0a3075e30ed171192@%3Cdev.hive.apache.org%3E"
},
{
"name": "98669",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98669"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2016-3083",
"datePublished": "2017-05-30T14:00:00",
"dateReserved": "2016-03-10T00:00:00",
"dateUpdated": "2024-08-05T23:40:15.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12625
Vulnerability from cvelistv5
Published
2017-11-01 13:00
Modified
2024-09-16 22:30
Severity ?
EPSS score ?
Summary
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.
References
| ▼ | URL | Tags |
|---|---|---|
| http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/101686 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: 2.1.x before 2.1.2 Version: 2.2.x before 2.2.1 Version: 2.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[hive-user] 20171031 [CVE-2017-12625] Apache Hive information disclosure vulnerability for column masking",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E"
},
{
"name": "101686",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.1.x before 2.1.2"
},
{
"status": "affected",
"version": "2.2.x before 2.2.1"
},
{
"status": "affected",
"version": "2.3.0"
}
]
}
],
"datePublic": "2017-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-08T10:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[hive-user] 20171031 [CVE-2017-12625] Apache Hive information disclosure vulnerability for column masking",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E"
},
{
"name": "101686",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101686"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-10-31T00:00:00",
"ID": "CVE-2017-12625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_value": "2.1.x before 2.1.2"
},
{
"version_value": "2.2.x before 2.2.1"
},
{
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[hive-user] 20171031 [CVE-2017-12625] Apache Hive information disclosure vulnerability for column masking",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/hive-user/201710.mbox/%3C3791103E-80D5-4E75-AF23-6F8ED54DDEBE%40apache.org%3E"
},
{
"name": "101686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101686"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-12625",
"datePublished": "2017-11-01T13:00:00Z",
"dateReserved": "2017-08-07T00:00:00",
"dateUpdated": "2024-09-16T22:30:24.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41137
Vulnerability from cvelistv5
Published
2024-12-05 10:01
Modified
2024-12-05 17:02
Severity ?
EPSS score ?
Summary
Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data.
In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: 4.0.0-alpha-1 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-12-05T10:03:34.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/04/2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hive",
"vendor": "apache",
"versions": [
{
"lessThan": "4.0.0",
"status": "affected",
"version": "4.0.0-alpha-1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-41137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T17:00:40.730056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T17:02:05.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.hive:hive-exec",
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.0",
"status": "affected",
"version": "4.0.0-alpha-1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Junjie Liao"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apache Hive\u0026nbsp;Metastore (HMS) uses\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSerializationUtilities#deserializeObjectWithTypeInformation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;method when filtering and fetching partitions that is unsafe and\u003c/span\u003e\u0026nbsp;can lead\u0026nbsp;to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data.\u003cbr\u003e\u003cbr\u003eIn real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish\u0026nbsp;a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments."
}
],
"value": "Apache Hive\u00a0Metastore (HMS) uses\u00a0SerializationUtilities#deserializeObjectWithTypeInformation\u00a0method when filtering and fetching partitions that is unsafe and\u00a0can lead\u00a0to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data.\n\nIn real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish\u00a0a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T10:01:41.692Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"product"
],
"url": "https://github.com/apache/hive"
},
{
"tags": [
"issue-tracking"
],
"url": "https://issues.apache.org/jira/browse/HIVE-26539"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/hive/commit/60027bb9c91a93affcfebd9068f064bc1f2a74c9"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/jwtr3d9yovf2wo0qlxvkhoxnwxxyzgts"
}
],
"source": {
"defect": [
"HIVE-26539"
],
"discovery": "UNKNOWN"
},
"title": "Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-41137",
"datePublished": "2024-12-05T10:01:41.692Z",
"dateReserved": "2022-09-20T14:55:51.817Z",
"dateUpdated": "2024-12-05T17:02:05.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23945
Vulnerability from cvelistv5
Published
2024-12-23 15:26
Modified
2025-02-18 21:46
Severity ?
EPSS score ?
Summary
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation.
The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:
* org.apache.hive:hive-service
* org.apache.spark:spark-hive-thriftserver_2.11
* org.apache.spark:spark-hive-thriftserver_2.12
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Hive |
Version: 1.2.0 ≤ |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-12-23T18:03:26.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/23/2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T01:50:23.681395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T21:46:57.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.hive:hive-service",
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.0",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.spark:spark-hive-thriftserver_2.11",
"product": "Apache Spark",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.0.0",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.spark:spark-hive-thriftserver_2.12",
"product": "Apache Spark",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "3.4.2",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kostya Kortchinsky"
},
{
"lang": "en",
"type": "reporter",
"value": "Hamza Tahmi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive\u2019s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation.\u003cbr\u003e\u003cbr\u003eThe vulnerable CookieSigner logic was introduced in Apache Hive by\u0026nbsp;HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:\u003cbr\u003e* org.apache.hive:hive-service\u003cbr\u003e* org.apache.spark:spark-hive-thriftserver_2.11\u003cbr\u003e* org.apache.spark:spark-hive-thriftserver_2.12\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive\u2019s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation.\n\nThe vulnerable CookieSigner logic was introduced in Apache Hive by\u00a0HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:\n* org.apache.hive:hive-service\n* org.apache.spark:spark-hive-thriftserver_2.11\n* org.apache.spark:spark-hive-thriftserver_2.12"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T15:26:54.477Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"product"
],
"url": "https://github.com/apache/hive"
},
{
"tags": [
"product"
],
"url": "https://github.com/apache/spark"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4"
},
{
"url": "https://issues.apache.org/jira/browse/HIVE-9710"
},
{
"url": "https://issues.apache.org/jira/browse/SPARK-14987"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/59r4mv7glrxpwkkdjvjbdljfpx3f5zzc"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/5o2ljnzrv8zvhjw9vy7b4rwjpc32hgfc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-23945",
"datePublished": "2024-12-23T15:26:54.477Z",
"dateReserved": "2024-01-24T10:47:00.803Z",
"dateUpdated": "2025-02-18T21:46:57.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1314
Vulnerability from cvelistv5
Published
2018-11-08 14:00
Modified
2024-08-05 03:59
Severity ?
EPSS score ?
Summary
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105884 | vdb-entry, x_refsource_BID | |
| https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727%40%3Cdev.hive.apache.org%3E | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: All versions of Hive including 2.3.3, 3.1.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:39.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105884",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105884"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727%40%3Cdev.hive.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "All versions of Hive including 2.3.3, 3.1.0 and earlier"
}
]
}
],
"datePublic": "2018-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Hive 2.3.3, 3.1.0 and earlier, Hive \"EXPLAIN\" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do \"EXPLAIN\" on arbitrary table or view and expose table metadata and statistics."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-13T10:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "105884",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105884"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727%40%3Cdev.hive.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-1314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_value": "All versions of Hive including 2.3.3, 3.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Hive 2.3.3, 3.1.0 and earlier, Hive \"EXPLAIN\" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do \"EXPLAIN\" on arbitrary table or view and expose table metadata and statistics."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105884"
},
{
"name": "https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1314",
"datePublished": "2018-11-08T14:00:00",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-08-05T03:59:39.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35701
Vulnerability from cvelistv5
Published
2024-05-03 08:11
Modified
2025-02-13 16:55
Severity ?
EPSS score ?
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive.
The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.
The attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.
Users are recommended to upgrade to version 4.0.0, which fixes the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: 4.0.0-alpha-1 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hive",
"vendor": "apache",
"versions": [
{
"lessThan": "4.0.0",
"status": "affected",
"version": "4.0.0-alpha-1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-35701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:48:50.207497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:53:00.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:44.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.hive:hive-jdbc",
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.0",
"status": "affected",
"version": "4.0.0-alpha-1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kostya Kortchinsky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Hive.\u003cbr\u003e\u003cbr\u003eThe vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThe attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.\u003cp\u003eThis issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.0.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in Apache Hive.\n\nThe vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability.\u00a0\n\nThe attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.\n\nUsers are recommended to upgrade to version 4.0.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T08:15:07.523Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/7zcv6l63spl4r66xwz5jv9rtrg2opx81"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/05/03/3"
}
],
"source": {
"defect": [
"HIVE-27554"
],
"discovery": "EXTERNAL"
},
"title": "Apache Hive: Arbitrary command execution via JDBC driver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-35701",
"datePublished": "2024-05-03T08:11:08.215Z",
"dateReserved": "2023-06-15T12:56:43.075Z",
"dateUpdated": "2025-02-13T16:55:52.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1284
Vulnerability from cvelistv5
Published
2018-04-05 13:00
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4%40%3Cdev.hive.apache.org%3E | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/103750 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: 0.6.0 to 2.3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4%40%3Cdev.hive.apache.org%3E"
},
{
"name": "103750",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.6.0 to 2.3.2"
}
]
}
],
"datePublic": "2018-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-14T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4%40%3Cdev.hive.apache.org%3E"
},
{
"name": "103750",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2018-1284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_value": "0.6.0 to 2.3.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/29184dbce4a37be2af36e539ecb479b1d27868f73ccfdff46c7174b4@%3Cdev.hive.apache.org%3E"
},
{
"name": "103750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1284",
"datePublished": "2018-04-05T13:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-16T18:38:28.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1926
Vulnerability from cvelistv5
Published
2021-03-16 13:00
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: Apache Hive < 2.3.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/HIVE-22708"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.3.8",
"status": "affected",
"version": "Apache Hive",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Hive would like to thank S. Wasin for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Information Exposure Through Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:56.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.apache.org/jira/browse/HIVE-22708"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E"
}
],
"source": {
"defect": [
"HIVE-22708"
],
"discovery": "UNKNOWN"
},
"title": "Timing attack in Cookie signature verification",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1926",
"STATE": "PUBLIC",
"TITLE": "Timing attack in Cookie signature verification"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache Hive",
"version_value": "2.3.8"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Hive would like to thank S. Wasin for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-208 Information Exposure Through Timing Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/HIVE-22708",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/HIVE-22708"
},
{
"name": "https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rd186eedff68102ba1e68059a808101c5aa587e11542c7dcd26e7b9d7%40%3Cuser.hive.apache.org%3E"
}
]
},
"source": {
"defect": [
"HIVE-22708"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-1926",
"datePublished": "2021-03-16T13:00:16.000Z",
"dateReserved": "2019-12-02T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:38.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-34538
Vulnerability from cvelistv5
Published
2022-07-16 07:10
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: Apache Hive < 3.1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.1.3",
"status": "affected",
"version": "Apache Hive",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was discovered and reported by Hideyuki Furue."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Hive before 3.1.3 \"CREATE\" and \"DROP\" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious."
}
],
"metrics": [
{
"other": {
"content": {
"other": "Very Important"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-16T07:10:09",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354"
}
],
"source": {
"defect": [
"HIVE-25468",
""
],
"discovery": "UNKNOWN"
},
"title": "Apache Hive Security vulnerability in Hive with UDFs",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-34538",
"STATE": "PUBLIC",
"TITLE": "Apache Hive Security vulnerability in Hive with UDFs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache Hive",
"version_value": "3.1.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability was discovered and reported by Hideyuki Furue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Hive before 3.1.3 \"CREATE\" and \"DROP\" function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged users to drop and recreate UDFs pointing them to new jars that could be potentially malicious."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "Very Important"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/oqqgnhz4c6nxsfd0xstosnk0g15f7354"
}
]
},
"source": {
"defect": [
"HIVE-25468",
""
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-34538",
"datePublished": "2022-07-16T07:10:09",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-08-04T00:12:50.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23953
Vulnerability from cvelistv5
Published
2025-01-28 09:07
Modified
2025-02-18 19:07
Severity ?
EPSS score ?
Summary
Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0, which fixes this issue.
The problem occurs when an application doesn’t use a constant-time algorithm for validating a signature. The method Arrays.equals() returns false right away when it sees that one of the input’s bytes are different. It means that the comparison time depends on the contents of the arrays. This little thing may allow an attacker to forge a valid signature for an arbitrary message byte by byte. So it might allow malicious users to submit splits/work with selected signatures to LLAP without running as a privileged user, potentially leading to DDoS attack.
More details in the reference section.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/hive | product | |
| https://github.com/apache/hive/commit/b418e3c9f479ba8e7d31e6470306111002ffa809 | patch | |
| https://issues.apache.org/jira/browse/HIVE-28030 | issue-tracking | |
| https://blog.gypsyengineer.com/en/security/preventing-timing-attacks-with-codeql.html | technical-description | |
| https://cqr.company/web-vulnerabilities/timing-attacks/ | technical-description | |
| https://lists.apache.org/thread/0nloywj49nbtlc6l3c6363qvq7o1ztb7 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: 2.2.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:18:48.359282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:07:15.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-28T18:03:23.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/28/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.hive:hive-llap-common",
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.0",
"status": "affected",
"version": "2.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Cosentino"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Arrays.equals() in \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLlapSignerImpl in\u0026nbsp;\u003c/span\u003eApache Hive to compare message signatures\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eallows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack.\u0026nbsp;\u003c/span\u003eUsers are recommended to upgrade to version 4.0.0, which fixes this issue.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(253, 253, 253);\"\u003eThe problem occurs when an application doesn\u2019t use a constant-time algorithm for validating a signature.\u0026nbsp;\u003cspan style=\"background-color: rgb(253, 253, 253);\"\u003eThe method \u003c/span\u003e\u003ccode\u003eArrays.equals()\u003c/code\u003e\u003cspan style=\"background-color: rgb(253, 253, 253);\"\u003e\u0026nbsp;returns \u003c/span\u003e\u003ccode\u003efalse\u003c/code\u003e\u003cspan style=\"background-color: rgb(253, 253, 253);\"\u003e\u0026nbsp;right away when it sees that one of the input\u2019s bytes are different. It means that the comparison time depends on the contents of the arrays. This little thing may allow an attacker to forge a valid signature for an arbitrary message byte by byte.\u0026nbsp;So it might allow malicious users to submit splits/work with selected signatures to LLAP without running as a privileged user, potentially leading to DDoS attack.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eMore details in the reference section.\u003cbr\u003e"
}
],
"value": "Use of Arrays.equals() in LlapSignerImpl in\u00a0Apache Hive to compare message signatures\u00a0allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack.\u00a0Users are recommended to upgrade to version 4.0.0, which fixes this issue.\n\nThe problem occurs when an application doesn\u2019t use a constant-time algorithm for validating a signature.\u00a0The method Arrays.equals()\u00a0returns false\u00a0right away when it sees that one of the input\u2019s bytes are different. It means that the comparison time depends on the contents of the arrays. This little thing may allow an attacker to forge a valid signature for an arbitrary message byte by byte.\u00a0So it might allow malicious users to submit splits/work with selected signatures to LLAP without running as a privileged user, potentially leading to DDoS attack.\n\nMore details in the reference section."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T09:07:22.333Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"product"
],
"url": "https://github.com/apache/hive"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/hive/commit/b418e3c9f479ba8e7d31e6470306111002ffa809"
},
{
"tags": [
"issue-tracking"
],
"url": "https://issues.apache.org/jira/browse/HIVE-28030"
},
{
"tags": [
"technical-description"
],
"url": "https://blog.gypsyengineer.com/en/security/preventing-timing-attacks-with-codeql.html"
},
{
"tags": [
"technical-description"
],
"url": "https://cqr.company/web-vulnerabilities/timing-attacks/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/0nloywj49nbtlc6l3c6363qvq7o1ztb7"
}
],
"source": {
"defect": [
"HIVE-28030"
],
"discovery": "UNKNOWN"
},
"title": "Apache Hive: Timing Attack Against Signature in LLAP util",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-23953",
"datePublished": "2025-01-28T09:07:22.333Z",
"dateReserved": "2024-01-24T15:37:56.409Z",
"dateUpdated": "2025-02-18T19:07:15.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-29869
Vulnerability from cvelistv5
Published
2025-01-28 21:31
Modified
2025-01-29 14:26
Severity ?
EPSS score ?
Summary
Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: 1.1.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-28T23:02:36.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/28/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:24:47.416197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T14:26:24.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.hive:hive-exec",
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.1",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Andrea Cosentino"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file.\u0026nbsp;Users are recommended to upgrade to version 4.0.1, which fixes this issue.\u003cbr\u003e"
}
],
"value": "Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file.\u00a0Users are recommended to upgrade to version 4.0.1, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T21:31:43.422Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"product"
],
"url": "https://github.com/apache/hive"
},
{
"tags": [
"patch"
],
"url": "https://github.com/apache/hive/commit/20106e254527f7d71b2e34455c4322e14950c620"
},
{
"tags": [
"issue-tracking"
],
"url": "https://issues.apache.org/jira/browse/HIVE-28134"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/h27ohpyrqf9w1m3c0tqr7x8jg59rcrv6"
}
],
"source": {
"defect": [
"HIVE-28134"
],
"discovery": "UNKNOWN"
},
"title": "Apache Hive: Credentials file created with non restrictive permissions",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-29869",
"datePublished": "2025-01-28T21:31:43.422Z",
"dateReserved": "2024-03-21T10:17:30.548Z",
"dateUpdated": "2025-01-29T14:26:24.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11777
Vulnerability from cvelistv5
Published
2018-11-08 14:00
Modified
2024-08-05 08:17
Severity ?
EPSS score ?
Summary
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105886 | vdb-entry, x_refsource_BID | |
| https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: All versions of Hive, including 2.3.3, 3.1.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105886",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105886"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "All versions of Hive, including 2.3.3, 3.1.0 and earlier"
}
]
}
],
"datePublic": "2018-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-13T10:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "105886",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105886"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb%40%3Cdev.hive.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-11777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_value": "All versions of Hive, including 2.3.3, 3.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105886"
},
{
"name": "https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11777",
"datePublished": "2018-11-08T14:00:00",
"dateReserved": "2018-06-05T00:00:00",
"dateUpdated": "2024-08-05T08:17:09.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1315
Vulnerability from cvelistv5
Published
2018-04-05 13:00
Modified
2024-09-17 00:05
Severity ?
EPSS score ?
Summary
In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/d5da94ef60312c01a8d2348466680d1b5fb70702c71a3e84e94f7933%40%3Cdev.hive.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: 2.1.0 to 2.3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1315 \u0027COPY FROM FTP\u0027 statement in HPL/SQL can write to arbitrary location if the FTP server is compromised",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d5da94ef60312c01a8d2348466680d1b5fb70702c71a3e84e94f7933%40%3Cdev.hive.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.1.0 to 2.3.2"
}
]
}
],
"datePublic": "2018-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Hive 2.1.0 to 2.3.2, when \u0027COPY FROM FTP\u0027 statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Resource Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-05T12:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1315 \u0027COPY FROM FTP\u0027 statement in HPL/SQL can write to arbitrary location if the FTP server is compromised",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d5da94ef60312c01a8d2348466680d1b5fb70702c71a3e84e94f7933%40%3Cdev.hive.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2018-1315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_value": "2.1.0 to 2.3.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Hive 2.1.0 to 2.3.2, when \u0027COPY FROM FTP\u0027 statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1315 \u0027COPY FROM FTP\u0027 statement in HPL/SQL can write to arbitrary location if the FTP server is compromised",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d5da94ef60312c01a8d2348466680d1b5fb70702c71a3e84e94f7933@%3Cdev.hive.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1315",
"datePublished": "2018-04-05T13:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-17T00:05:55.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1282
Vulnerability from cvelistv5
Published
2018-04-05 13:00
Modified
2024-09-16 23:51
Severity ?
EPSS score ?
Summary
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/103751 | vdb-entry, x_refsource_BID | |
| https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299%40%3Cdev.hive.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Hive |
Version: 0.7.1 to 2.3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103751"
},
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299%40%3Cdev.hive.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Hive",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.7.1 to 2.3.2"
}
]
}
],
"datePublic": "2018-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-14T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "103751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103751"
},
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299%40%3Cdev.hive.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2018-1282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_value": "0.7.1 to 2.3.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103751"
},
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/74bd2bff1827febb348dfb323986fa340d3bb97a315ab93c3ccc8299@%3Cdev.hive.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1282",
"datePublished": "2018-04-05T13:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-16T23:51:40.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}