GHSA-w4x9-4f5x-8jj8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w4x9-4f5x-8jj8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-w4x9-4f5x-8jj8/GHSA-w4x9-4f5x-8jj8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w4x9-4f5x-8jj8
- Aliases
-
- CVE-2014-0228
- Published
- 2018-11-21T22:23:29Z
- Modified
- 2024-12-02T05:44:47.759409Z
- Summary
- Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
- Details
-
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-284" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:59:37Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-0228
- https://github.com/advisories/GHSA-w4x9-4f5x-8jj8
- http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g@mail.gmail.com%3E
- http://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html
- http://www.securityfocus.com/archive/1/532418/100/0/threaded
Affected packages
Maven / org.apache.hive:hive
Package
- Name
- org.apache.hive:hive
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hive/hive
Maven / org.apache.hive:hive-exec
Package
- Name
- org.apache.hive:hive-exec
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hive/hive-exec
Maven / org.apache.hive:hive-service
Package
- Name
- org.apache.hive:hive-service
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.hive/hive-service