apache/hive: The latest CVE Vulnerabilities and Exploits for Penetration Test

 

Page content

apache/hive Vulnerability Summary

  • Vendor name: apache
  • Product name: hive
  • Total vulnerabilities: 14 (as 2023-05-04)

apache/hive Vulnerability List

Published: 2021-03-16T13:15:00 Last Modified: 2021-03-22T20:21:00

Summary

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-1926 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-13949: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would…

Published: 2021-02-12T20:15:00 Last Modified: 2022-02-07T16:15:00

Summary

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-13949 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2020-5421: In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and…

Published: 2020-09-19T04:15:00 Last Modified: 2022-02-07T16:15:00

Summary

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 3.9
  • CVSS: 3.6
  • CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-5421 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-21234: Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.

Published: 2020-05-21T23:15:00 Last Modified: 2021-08-11T11:15:00

Summary

Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.

Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data

CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-21234 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-11777: In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly…

Published: 2018-11-08T14:29:00 Last Modified: 2019-10-03T00:03:00

Summary

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.0
  • CVSS: 5.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-11777 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-1314: In Apache Hive 2.3.3, 3.1.0 and earlier, Hive “EXPLAIN” operation does not check for necessary…

Published: 2018-11-08T14:29:00 Last Modified: 2019-10-03T00:03:00

Summary

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive “EXPLAIN” operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do “EXPLAIN” on arbitrary table or view and expose table metadata and statistics.

Common Weakness Enumeration (CWE): CWE-862: Missing Authorization

CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1314 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-1282: This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments…

Published: 2018-04-05T13:29:00 Last Modified: 2018-05-15T17:55:00

Summary

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.

Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1282 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-1284: In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs…

Published: 2018-04-05T13:29:00 Last Modified: 2018-05-15T17:55:00

Summary

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1284 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2018-1315: In Apache Hive 2.1.0 to 2.3.2, when ‘COPY FROM FTP’ statement is run using HPL/SQL extension to…

Published: 2018-04-05T13:29:00 Last Modified: 2019-10-03T00:03:00

Summary

In Apache Hive 2.1.0 to 2.3.2, when ‘COPY FROM FTP’ statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.

Common Weakness Enumeration (CWE): CWE-732: Incorrect Permission Assignment for Critical Resource

CWE Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2018-1315 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2017-12625: Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface…

Published: 2017-11-01T13:29:00 Last Modified: 2017-11-21T19:41:00

Summary

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2017-12625 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2016-3083: Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports…

Published: 2017-05-30T14:29:00 Last Modified: 2017-06-01T01:29:00

Summary

Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server’s certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn’t seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.

Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation

CWE Description: The software does not validate, or incorrectly validates, a certificate.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2016-3083 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2015-7521: The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on…

Published: 2016-01-29T20:59:00 Last Modified: 2018-10-09T19:58:00

Summary

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-7521 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2015-1772: The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as…

Published: 2015-12-21T11:59:00 Last Modified: 2017-03-24T01:59:00

Summary

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request.

Common Weakness Enumeration (CWE): CWE-287: Improper Authentication

CWE Description: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.6
  • CVSS: 4.3
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-1772 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache

CVE-2014-0228: Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly…

Published: 2014-11-16T17:59:00 Last Modified: 2018-10-09T19:41:00

Summary

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

Common Weakness Enumeration (CWE): CWE-284: Improper Access Control

CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 6.8
  • CVSS: 3.5
  • CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2014-0228 vulnerability.

References

See also: All popular products CVE Vulnerabilities of apache