1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-W4X9-4F5X-8JJ8

[MAVEN:GHSA-W4X9-4F5X-8JJ8] Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service

Severity Low
Affected Packages 3
Fixed Packages 3
CVEs 1
Info Packages References Vulnerabilities

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

Package Affected Version
pkg:maven/org.apache.hive/hive-service < 0.13.1
pkg:maven/org.apache.hive/hive-exec < 0.13.1
pkg:maven/org.apache.hive/hive < 0.13.1
Package Fixed Version
pkg:maven/org.apache.hive/hive-service = 0.13.1
pkg:maven/org.apache.hive/hive-exec = 0.13.1
pkg:maven/org.apache.hive/hive = 0.13.1
ID
MAVEN:GHSA-W4X9-4F5X-8JJ8
Severity
low
URL
https://github.com/advisories/GHSA-w4x9-4f5x-8jj8
Published
2018-11-21T22:23:29
(5 years ago)
Modified
2023-01-09T05:03:38
(20 months ago)
Rights
Maven Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.apache.hive/hive-service org.apache.hive hive-service < 0.13.1
Fixed pkg:maven/org.apache.hive/hive-service org.apache.hive hive-service = 0.13.1
Affected pkg:maven/org.apache.hive/hive-exec org.apache.hive hive-exec < 0.13.1
Fixed pkg:maven/org.apache.hive/hive-exec org.apache.hive hive-exec = 0.13.1
Affected pkg:maven/org.apache.hive/hive org.apache.hive hive < 0.13.1
Fixed pkg:maven/org.apache.hive/hive org.apache.hive hive = 0.13.1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date