Plattform
java
Komponente
org.apache.hive:hive
Behoben in
0.13.1
CVE-2014-0228 is a security vulnerability affecting Apache Hive versions up to 0.13.0. This flaw allows authenticated remote users to potentially access sensitive information through crafted URIs used in import and export operations. The vulnerability arises when Hive operates in SQL standards-based authorization mode, failing to properly validate file permissions. A fix is available in version 0.13.1.
An attacker exploiting CVE-2014-0228 could leverage crafted URIs within import or export statements to bypass file permission checks. This bypass allows them to read files that they should not have access to, potentially exposing sensitive data stored within Hive. The impact is limited to authenticated users who can execute HiveQL statements. While the CVSS score is LOW, the potential for data exposure warrants prompt remediation. This vulnerability highlights the importance of robust authorization and access control mechanisms within data processing systems.
CVE-2014-0228 was publicly disclosed in 2018. There is no indication of active exploitation campaigns targeting this vulnerability. No proof-of-concept exploits are publicly available. It is not listed on the CISA KEV catalog. The vulnerability's LOW severity and lack of public exploits suggest a relatively low exploitation probability.
Organizations utilizing Apache Hive for data warehousing and processing, particularly those running versions 0.13.0 or earlier, are at risk. This includes environments where Hive is used to store sensitive data, such as personally identifiable information (PII) or financial records. Shared hosting environments where multiple users have access to the Hive metastore are also particularly vulnerable.
• java / server:
ps -ef | grep hive• java / server:
find / -name "hive-site.xml" -print• java / server:
journalctl -u hive -n 100 | grep -i "import" | grep -i "export"discovery
disclosure
Exploit-Status
EPSS
0.32% (55% Perzentil)
The primary mitigation for CVE-2014-0228 is to upgrade Apache Hive to version 0.13.1 or later. If upgrading is not immediately feasible, consider disabling SQL standards-based authorization mode as a temporary workaround, though this may impact compatibility with certain SQL queries. Carefully review and restrict access to Hive import and export functionalities. Implement robust file permission controls to limit the scope of potential data exposure. After upgrading, verify the fix by attempting to execute import/export statements with URIs that previously triggered the vulnerability, ensuring that permission checks are now enforced.
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2014-0228 is a vulnerability in Apache Hive versions up to 0.13.0 that allows authenticated users to access sensitive information via crafted URIs in import/export statements when using SQL standards-based authorization.
You are affected if you are running Apache Hive versions 0.13.0 or earlier and have SQL standards-based authorization enabled.
Upgrade Apache Hive to version 0.13.1 or later. As a temporary workaround, disable SQL standards-based authorization mode.
There is no indication of active exploitation campaigns targeting CVE-2014-0228 at this time.
Refer to the Apache Hive security page for details: https://hive.apache.org/security/
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine pom.xml-Datei hoch und wir sagen dir sofort, ob du betroffen bist.