cve-2024-23945
Vulnerability from cvelistv5
Published
2024-12-23 15:26
Modified
2025-02-18 21:46
Severity ?
Summary
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation. The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12
References
security@apache.orghttps://github.com/apache/hive
security@apache.orghttps://github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4
security@apache.orghttps://github.com/apache/spark
security@apache.orghttps://github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19
security@apache.orghttps://issues.apache.org/jira/browse/HIVE-9710
security@apache.orghttps://issues.apache.org/jira/browse/SPARK-14987
security@apache.orghttps://lists.apache.org/thread/59r4mv7glrxpwkkdjvjbdljfpx3f5zzc
security@apache.orghttps://lists.apache.org/thread/5o2ljnzrv8zvhjw9vy7b4rwjpc32hgfc
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/12/23/2
Impacted products
Vendor Product Version
Apache Software Foundation Apache Hive Version: 1.2.0   
Create a notification for this product.
   Apache Software Foundation Apache Spark Version: 2.0.0   
Create a notification for this product.
   Apache Software Foundation Apache Spark Version: 3.0.0   
Version: 3.4.0   
Version: 3.5.0   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-23T18:03:26.179Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/12/23/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23945",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-24T01:50:23.681395Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T21:46:57.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.hive:hive-service",
          "product": "Apache Hive",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "4.0.0",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.spark:spark-hive-thriftserver_2.11",
          "product": "Apache Spark",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.0.0",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.spark:spark-hive-thriftserver_2.12",
          "product": "Apache Spark",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.3.4",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Kostya Kortchinsky"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Hamza Tahmi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive\u2019s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation.\u003cbr\u003e\u003cbr\u003eThe vulnerable CookieSigner logic was introduced in Apache Hive by\u0026nbsp;HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:\u003cbr\u003e* org.apache.hive:hive-service\u003cbr\u003e* org.apache.spark:spark-hive-thriftserver_2.11\u003cbr\u003e* org.apache.spark:spark-hive-thriftserver_2.12\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive\u2019s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation.\n\nThe vulnerable CookieSigner logic was introduced in Apache Hive by\u00a0HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:\n* org.apache.hive:hive-service\n* org.apache.spark:spark-hive-thriftserver_2.11\n* org.apache.spark:spark-hive-thriftserver_2.12"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-23T15:26:54.477Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/apache/hive"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/apache/spark"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4"
        },
        {
          "url": "https://issues.apache.org/jira/browse/HIVE-9710"
        },
        {
          "url": "https://issues.apache.org/jira/browse/SPARK-14987"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/59r4mv7glrxpwkkdjvjbdljfpx3f5zzc"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/5o2ljnzrv8zvhjw9vy7b4rwjpc32hgfc"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-23945",
    "datePublished": "2024-12-23T15:26:54.477Z",
    "dateReserved": "2024-01-24T10:47:00.803Z",
    "dateUpdated": "2025-02-18T21:46:57.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-23945\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-12-23T16:15:05.590\",\"lastModified\":\"2025-02-18T22:15:10.600\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive\u2019s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation.\\n\\nThe vulnerable CookieSigner logic was introduced in Apache Hive by\u00a0HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:\\n* org.apache.hive:hive-service\\n* org.apache.spark:spark-hive-thriftserver_2.11\\n* org.apache.spark:spark-hive-thriftserver_2.12\"},{\"lang\":\"es\",\"value\":\"Signing cookies es una caracter\u00edstica de seguridad de la aplicaci\u00f3n que agrega una firma digital a los datos de las cookies para verificar su autenticidad e integridad. La firma ayuda a evitar que actores malintencionados modifiquen el valor de la cookie, lo que puede provocar vulnerabilidades de seguridad y explotaci\u00f3n. El componente de servicio de Apache Hive expone accidentalmente la cookie firmada al usuario final cuando hay una discrepancia en la firma entre la cookie actual y la esperada. Exponer la firma de cookie correcta puede conducir a una mayor explotaci\u00f3n. La l\u00f3gica vulnerable de CookieSigner se introdujo en Apache Hive mediante HIVE-9710 (1.2.0) y en Apache Spark mediante SPARK-14987 (2.0.0). Los componentes afectados son los siguientes: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12\"}],\"metrics\":{},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-209\"}]}],\"references\":[{\"url\":\"https://github.com/apache/hive\",\"source\":\"security@apache.org\"},{\"url\":\"https://github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4\",\"source\":\"security@apache.org\"},{\"url\":\"https://github.com/apache/spark\",\"source\":\"security@apache.org\"},{\"url\":\"https://github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19\",\"source\":\"security@apache.org\"},{\"url\":\"https://issues.apache.org/jira/browse/HIVE-9710\",\"source\":\"security@apache.org\"},{\"url\":\"https://issues.apache.org/jira/browse/SPARK-14987\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread/59r4mv7glrxpwkkdjvjbdljfpx3f5zzc\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread/5o2ljnzrv8zvhjw9vy7b4rwjpc32hgfc\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/12/23/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/12/23/2\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-12-23T18:03:26.179Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23945\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-24T01:50:23.681395Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-24T01:51:05.341Z\"}}], \"cna\": {\"title\": \"Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Kostya Kortchinsky\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Hamza Tahmi\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Hive\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.2.0\", \"lessThan\": \"4.0.0\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.hive:hive-service\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Spark\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"lessThan\": \"3.0.0\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.spark:spark-hive-thriftserver_2.11\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Spark\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.3.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.5.0\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.spark:spark-hive-thriftserver_2.12\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/apache/hive\", \"tags\": [\"product\"]}, {\"url\": \"https://github.com/apache/spark\", \"tags\": [\"product\"]}, {\"url\": \"https://github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4\", \"tags\": [\"patch\"]}, {\"url\": \"https://issues.apache.org/jira/browse/HIVE-9710\"}, {\"url\": \"https://issues.apache.org/jira/browse/SPARK-14987\"}, {\"url\": \"https://lists.apache.org/thread/59r4mv7glrxpwkkdjvjbdljfpx3f5zzc\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.apache.org/thread/5o2ljnzrv8zvhjw9vy7b4rwjpc32hgfc\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive\\u2019s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation.\\n\\nThe vulnerable CookieSigner logic was introduced in Apache Hive by\\u00a0HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:\\n* org.apache.hive:hive-service\\n* org.apache.spark:spark-hive-thriftserver_2.11\\n* org.apache.spark:spark-hive-thriftserver_2.12\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive\\u2019s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation.\u003cbr\u003e\u003cbr\u003eThe vulnerable CookieSigner logic was introduced in Apache Hive by\u0026nbsp;HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:\u003cbr\u003e* org.apache.hive:hive-service\u003cbr\u003e* org.apache.spark:spark-hive-thriftserver_2.11\u003cbr\u003e* org.apache.spark:spark-hive-thriftserver_2.12\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-209\", \"description\": \"CWE-209 Generation of Error Message Containing Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-12-23T15:26:54.477Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-23945\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-18T21:46:57.711Z\", \"dateReserved\": \"2024-01-24T10:47:00.803Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-12-23T15:26:54.477Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.