CVE-2014-0228 – org.apache.hive:hive

Package

Manager: maven
Name: org.apache.hive:hive
Vulnerable Version: >=0 <0.13.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00322 pctl0.54622

Details

Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

Metadata

Created: 2018-11-21T22:23:29Z
Modified: 2020-06-16T21:59:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-w4x9-4f5x-8jj8/GHSA-w4x9-4f5x-8jj8.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-w4x9-4f5x-8jj8
Finding: F039
Auto approve: 1