CVE-2014-0228CVE-2014-0228

Affected configuration(s):

cpe:/a:apache:hive:0.13.0

Date published: 2014-11-16T12:59:00.127-05:00

Date last modified: 2014-11-18T12:19:54.357-05:00

CVSS Score: 3.5

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g@mail.gmail.com%3E

Summary: Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.