← back
CVE-2014-0228

CVE-2014-0228

EPSS 3.5%
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g%40mail.gmail.com%3Ehttp://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.htmlhttp://www.securityfocus.com/archive/1/532418/100/0/threaded