CVE-2014-0228
Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
EPSS 0.32%
Description
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.
How to fix CVE-2014-0228
To remediate CVE-2014-0228, upgrade the affected package to a fixed version below.
- Maven/org.apache.hive:hive—upgrade to 0.13.1 or later
- —upgrade to 0.13.1 or later
- —upgrade to 0.13.1 or later
Is CVE-2014-0228 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 0.13.1
- from 0, < 0.13.1
- from 0, < 0.13.1
References (5)
- ADVISORY: github.com/advisories/GHSA-w4x9-4f5x-8jj8
- ADVISORY: nvd.nist.gov/vuln/detail/CVE-2014-0228
- WEB: mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g@mail.gmail.com%3E
- WEB: packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html