Platform: java
Component: org.apache.hive:hive
Fixed in: 2.3.3
CVE-2018-1315 is a security vulnerability affecting Apache Hive versions 2.1.0 through 2.3.2. It allows a compromised FTP server to write files to arbitrary locations on the cluster when using the 'COPY FROM FTP' statement with the HPL/SQL extension. This vulnerability poses a significant risk to data integrity and system security, and a fix is available in version 2.3.3.
The vulnerability stems from insufficient validation of the destination path when downloading files via FTP using HPL/SQL in Apache Hive. An attacker controlling a malicious FTP server could exploit this by providing a crafted file path that writes the downloaded file to a location outside the intended directory. This could lead to overwriting critical system files, injecting malicious code, or gaining unauthorized access to sensitive data. The impact is particularly severe as it allows for arbitrary file writes, potentially leading to complete system compromise. This is not a risk for users of the Hive CLI or HiveServer2 as HPL/SQL is invoked separately.
CVE-2018-1315 was publicly disclosed on November 21, 2018. While no active exploitation campaigns have been definitively linked to this CVE, the potential for arbitrary file writes makes it a concerning vulnerability. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are available, demonstrating the feasibility of exploitation.
Exploit Status
EPSS: 1.03% (77th percentile)
CVSS Vector
The primary mitigation is to upgrade Apache Hive to version 2.3.3 or later, which includes the fix. If upgrading is not immediately feasible, implement strict destination path verification in your HPL/SQL scripts so that downloaded files can only be written to authorized locations. Additionally, restrict access to the HPL/SQL command-line script and carefully audit FTP server configurations. Consider using a Web Application Firewall (WAF) to filter potentially malicious FTP requests. After upgrading, confirm the fix by running a 'COPY FROM FTP' operation against a test FTP server under your control that returns a crafted destination path, and verifying that the file is not written to an unexpected location.
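The following is an added illustration of the destination path verification the advisory recommends; it is not Apache Hive or HPL/SQL code and does not reproduce the project's fix. It models the defensive rule behind both the vulnerability description and the mitigation: the local script chooses the staging directory, and a name supplied by the remote FTP server may only select a file inside that directory. The base directory `/srv/hive/staging`, the function names and the sample listing are all assumptions constructed for the example.

```python
"""Destination-path verification for files fetched from an untrusted FTP server.

Added illustration for the CVE-2018-1315 advisory; not Apache Hive or HPL/SQL code.
The local script picks base_dir (trusted); the remote server supplies file names
(untrusted), which are treated strictly as relative paths under base_dir.
"""
import os
import posixpath
from typing import List, Tuple


class UnsafeDestinationError(ValueError):
    """Raised when a remote-supplied name would escape the staging directory."""


def safe_destination(base_dir: str, remote_name: str) -> str:
    """Return the absolute local path under base_dir for remote_name, or raise."""
    if not remote_name:
        raise UnsafeDestinationError("empty file name")
    if "\x00" in remote_name:
        raise UnsafeDestinationError("NUL byte in file name")
    # Treat backslashes as separators too, so "..\\x" cannot slip past the split below.
    normalised = remote_name.replace("\\", "/")
    if posixpath.isabs(normalised):
        raise UnsafeDestinationError("absolute path rejected: %r" % remote_name)
    parts = normalised.split("/")
    # Every component must be a plain name: no empty, "." or ".." segments.
    if any(part in ("", ".", "..") for part in parts):
        raise UnsafeDestinationError("traversal or empty segment in %r" % remote_name)
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, *parts))
    # Defence in depth: a symlink inside base_dir must not lead the write outside it.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeDestinationError("resolved outside staging dir: %r" % remote_name)
    return candidate


def plan_downloads(base_dir: str, names: List[str]) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Split a server listing into (name, local_path) pairs and (name, reason) rejections."""
    accepted: List[Tuple[str, str]] = []
    rejected: List[Tuple[str, str]] = []
    for name in names:
        try:
            accepted.append((name, safe_destination(base_dir, name)))
        except UnsafeDestinationError as exc:
            rejected.append((name, str(exc)))
    return accepted, rejected


# Constructed sample listing (assumption, not real data): two ordinary names and
# three that a hostile server could use to steer the write elsewhere.
SAMPLE_LISTING = [
    "report.csv",
    "2018/part-0001.parquet",
    "../../outside.txt",
    "/tmp/anywhere.txt",
    "..\\escape.txt",
]

if __name__ == "__main__":
    ok, bad = plan_downloads("/srv/hive/staging", SAMPLE_LISTING)
    for name, path in ok:
        print("write  %-28s -> %s" % (name, path))
    for name, reason in bad:
        print("REJECT %-28s : %s" % (name, reason))
```

The check is deliberately an allow-list on path components rather than a search for `..` substrings: rejecting any empty, `.` or `..` segment (after folding backslashes) leaves no encoding to argue about, and the final `commonpath` comparison on the resolved path catches the remaining case of a symlink under the staging directory that points elsewhere.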
CVE-2018-1315 is a vulnerability in Apache Hive versions 2.1.0 to 2.3.2 that allows a malicious FTP server to write files to arbitrary locations on the cluster when using the 'COPY FROM FTP' statement with HPL/SQL.
You are affected if you are running Apache Hive versions 2.1.0 through 2.3.2 and use the HPL/SQL extension for FTP operations.
Upgrade Apache Hive to version 2.3.3 or later. If upgrading is not possible, implement strict destination path verification in your HPL/SQL scripts.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's potential for arbitrary file writes makes it a significant risk.
Refer to the Apache Hive security page for details: https://hive.apache.org/security/