PT-2025-2399 · Hive · Hive
Andrea Cosentino
·
Published
2024-03-20
·
Updated
2025-02-01
·
CVE-2024-29869
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Hive versions prior to 4.0.1
Description
The issue arises when Hive creates a credentials file in a temporary directory with default permissions of 644, allowing any unauthorized user with access to the directory to read sensitive information.
Recommendations
Hive versions prior to 4.0.1 should be upgraded to version 4.0.1 to resolve the issue.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hive