Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0eDktNGY1eC04amo4
Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.
Permalink: https://github.com/advisories/GHSA-w4x9-4f5x-8jj8JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0eDktNGY1eC04amo4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 5 years ago
Updated: over 1 year ago
Identifiers: GHSA-w4x9-4f5x-8jj8, CVE-2014-0228
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-0228
- https://github.com/advisories/GHSA-w4x9-4f5x-8jj8
- http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g@mail.gmail.com%3E
- http://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html
- http://www.securityfocus.com/archive/1/532418/100/0/threaded
Affected Packages
maven:org.apache.hive:hive-exec
Dependent packages: 428Dependent repositories: 3,002
Downloads:
Affected Version Ranges: < 0.13.1
Fixed in: 0.13.1
All affected versions: 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0
All unaffected versions: 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3
maven:org.apache.hive:hive-service
Dependent packages: 150Dependent repositories: 962
Downloads:
Affected Version Ranges: < 0.13.1
Fixed in: 0.13.1
All affected versions: 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0, 0.12.0, 0.13.0
All unaffected versions: 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3
maven:org.apache.hive:hive
Dependent packages: 2Dependent repositories: 7
Downloads:
Affected Version Ranges: < 0.13.1
Fixed in: 0.13.1
All affected versions: 0.13.0
All unaffected versions: 0.13.1, 0.14.0, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.2.2, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 3.0.0, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 4.0.0