Platform: java
Component: org.apache.hive:hive
Fixed in: 2.3.3
CVE-2018-1315 is a security vulnerability affecting Apache Hive versions 2.1.0 through 2.3.2. It allows a compromised FTP server to write files to arbitrary locations on the cluster when using the 'COPY FROM FTP' statement with the HPL/SQL extension. This vulnerability poses a significant risk to data integrity and system security, and a fix is available in version 2.3.3.
The primary impact of CVE-2018-1315 is the potential for arbitrary file writes. An attacker controlling a malicious FTP server could leverage this vulnerability to overwrite critical system files or inject malicious code onto the Hive cluster. This could lead to a complete compromise of the affected system, allowing the attacker to steal sensitive data, disrupt operations, or gain persistent access. The vulnerability specifically targets users utilizing the HPL/SQL extension, which is a separate command-line script and not used by standard Hive CLI or HiveServer2 users, limiting the initial attack surface. However, successful exploitation could still lead to lateral movement within the cluster if the compromised user has sufficient privileges.
CVE-2018-1315 was publicly disclosed on November 21, 2018. There is no indication of active exploitation campaigns targeting this vulnerability at this time. The vulnerability is not listed on the CISA KEV catalog. While a public proof-of-concept has not been widely published, the nature of the vulnerability makes it relatively straightforward to exploit, increasing the potential for future exploitation if systems remain unpatched.
Organizations using Apache Hive versions 2.1.0 through 2.3.2, particularly those utilizing the HPL/SQL extension for FTP operations, are at risk. Shared hosting environments where multiple users have access to Hive instances are especially vulnerable, as a compromised user could potentially exploit this vulnerability to affect other users.
• linux / server:
journalctl -u hive -g "COPY FROM FTP"
• java / supply-chain:
Inspect HPL/SQL scripts for the use of FTP commands and destination path manipulation. Look for patterns like ftp.get(..., "/arbitrary/path/file.txt").
• generic web:
Monitor Hive logs for unusual file access patterns or errors related to FTP operations. Specifically, look for errors indicating permission denied or file not found when attempting to write to unexpected locations.
EPSS: 1.03% (77th percentile)
The recommended mitigation for CVE-2018-1315 is to upgrade Apache Hive to version 2.3.3 or later, which contains the fix. If upgrading is not immediately feasible, consider disabling the HPL/SQL extension to prevent the vulnerable 'COPY FROM FTP' functionality. As a temporary workaround, restrict access to the FTP server to trusted sources only. Implement strict file system permissions to limit the impact of potential file writes. Monitor Hive logs for suspicious FTP activity, particularly any attempts to write files outside of expected directories. No specific Sigma or YARA rules are readily available for this vulnerability, but general file integrity monitoring and anomaly detection should be implemented.
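The script inspection and trusted-source restriction described above can be combined into one audit pass. The following is an added example, not code from the Apache Hive project or from this advisory: it assumes the `COPY FROM FTP host ... [TO [LOCAL] target_directory]` statement shape from the HPL/SQL documentation, and the allowlist, host names and sample scripts are constructed placeholders.

```python
import re

# Assumed statement shape (HPL/SQL documentation):
#   COPY FROM FTP host [USER u [PWD p]] [DIR d] [FILES f] [TO [LOCAL] target_dir] [options];
STMT = re.compile(r"\bCOPY\s+FROM\s+FTP\s+(?P<host>'[^']*'|\S+)(?P<rest>[^;]*)", re.I)
TARGET = re.compile(r"\bTO\s+(?P<local>LOCAL\s+)?(?P<dir>'[^']*'|\S+)", re.I)
TRUSTED_HOSTS = {"ftp.internal.example"}  # hypothetical allowlist of vetted FTP servers


def audit_script(name, text, trusted=TRUSTED_HOSTS):
    """Return one finding per COPY FROM FTP statement in an HPL/SQL script."""
    # Blank out "--" comments (newlines kept) so disabled statements are not
    # reported and line numbers still match the file.
    text = re.sub(r"--[^\n]*", "", text)
    findings = []
    for m in STMT.finditer(text):
        host = m.group("host").strip("'")
        t = TARGET.search(m.group("rest"))
        findings.append({
            "script": name,
            "line": text.count("\n", 0, m.start()) + 1,
            "host": host,
            "target": t.group("dir").strip("'") if t else None,
            "local": bool(t and t.group("local")),
            "trusted_host": host.lower() in trusted,
        })
    return findings


SAMPLE = {  # constructed scripts, for illustration only
    "load_sales.sql": """\
-- nightly load
COPY FROM FTP 'ftp.internal.example' USER 'etl' PWD '***'
  DIR data/sales/in FILES '.*' TO /data/sales/raw OVERWRITE;
""",
    "partner_pull.sql": """\
PRINT 'start';
copy from ftp 'files.partner.example' user 'p' pwd '***'
  dir out to local /var/tmp/partner new;
-- COPY FROM FTP 'old.example' TO /tmp;
""",
}

def audit_all(scripts=SAMPLE):
    return [f for name, text in scripts.items() for f in audit_script(name, text)]

def needs_review(findings):
    # Statements that pull from a server outside the allowlist.
    return [f for f in findings if not f["trusted_host"]]
```

Every finding marks a script that depends on the affected statement and therefore needs Hive 2.3.3 or later; the `needs_review` subset additionally pulls from servers that have not been vetted.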
CVE-2018-1315 is a vulnerability in Apache Hive versions 2.1.0 to 2.3.2 that allows a malicious FTP server to write files to arbitrary locations on the cluster when using the 'COPY FROM FTP' statement with HPL/SQL.
You are affected if you are using Apache Hive versions 2.1.0 through 2.3.2 and utilize the HPL/SQL extension for FTP operations.
Upgrade Apache Hive to version 2.3.3 or later. If upgrading is not possible, implement strict destination path verification in your HPL/SQL scripts.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's potential for arbitrary file writes makes it a significant risk.
Refer to the Apache Hive security page for details: https://hive.apache.org/security/