PT-2014-3547 · Apache · Apache Hive
Thejas Nair
·
Published
2014-11-16
·
Updated
2018-11-21
·
CVE-2014-0228
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Hive versions prior to 0.13.1
Description
The issue concerns a problem with file permission checks in SQL standards based authorization mode. Specifically, it affects import and export statements, allowing remote authenticated users to obtain sensitive information by crafting a URI.
Recommendations
For versions prior to 0.13.1, update to version 0.13.1 or later to resolve the issue.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Hive