CVE-2024-29869
MEDIUM5.5EPSS 0.10%Apache Hive Incorrectly Assigns Permissions for a Critical Resource
發布日:2025/1/29修改日:2025/1/29
描述
Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.
受影響套件(1)
- Maven/org.apache.hive:hive-execfrom 0, < 4.0.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-29869
- PATCHhttps://github.com/apache/hive
- WEBhttps://github.com/apache/hive/commit/20106e254527f7d71b2e34455c4322e14950c620
- WEBhttps://issues.apache.org/jira/browse/HIVE-28134
- WEBhttps://lists.apache.org/thread/h27ohpyrqf9w1m3c0tqr7x8jg59rcrv6
- WEBhttp://www.openwall.com/lists/oss-security/2025/01/28/4