Platform
java
Component
org.apache.hive:hive
Fixed in
2.3.3
CVE-2018-1284 describes an XPath injection vulnerability affecting Apache Hive versions 0.6.0 through 2.3.2. The flaw lets a user who can run Hive queries abuse the built-in XPath User-Defined Functions (UDFs) to expose the content of files on the machine running HiveServer2. The Apache Hive project rated it LOW severity; it is resolved by upgrading to version 2.3.3.
An attacker leverages the flaw by passing crafted XML and XPath arguments to UDFs such as xpath, xpath_string, xpath_boolean, xpath_int and the rest of the xpath_* family. When hive.server2.enable.doAs=false, queries are not impersonated as the submitting user but execute inside the HiveServer2 process, which runs as the service account (usually 'hive'). Successful exploitation can therefore disclose any file that account can read, potentially including configuration files, keytabs and other credentials. The blast radius is limited to the HiveServer2 host and the files accessible to the 'hive' user. This is not remote code execution, but the disclosed credentials or configuration can be a stepping stone for further attacks.
CVE-2018-1284 was announced by the Apache Hive project in April 2018 together with the 2.3.3 release. There is no indication of active exploitation campaigns targeting this vulnerability, no widely reported public proof-of-concept, and no entry on CISA KEV. The project's LOW rating reflects that the attacker must already hold query access to HiveServer2 and that the impact is confined to files readable by the service user.
Organizations running Apache Hive versions 0.6.0 through 2.3.2 are affected, and those configured with hive.server2.enable.doAs=false are the ones where the flaw yields something useful. Multi-tenant deployments are the most exposed: any tenant with query access can read what the 'hive' service user can read, which may include other tenants' data and the administrator's configuration.
• java / server: Monitor HiveServer2 logs for queries that call the XPath UDFs (xpath, xpath_string, xpath_boolean, xpath_short, xpath_int, xpath_long, xpath_float, xpath_double, xpath_number), especially calls whose XML argument is a string literal rather than a column. Plain grep treats | literally, so use extended regex:
grep -iE 'xpath(_[a-z]+)?\(' /var/log/hive/hiveserver2.log
• java / supply-chain: Examine the Hive configuration for hive.server2.enable.doAs=false (the value normally sits on the line after the property name):
grep -A1 hive.server2.enable.doAs /etc/hive/hive-site.xml
• generic web: If HiveServer2 is reached through its HTTP transport mode (hive.server2.transport.mode=http), check the web server or proxy logs in front of it for the same UDF names and for unusual file paths in request bodies.
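The two checks above, configuration and log review, as one added example in Python. This is not code from the page or from the Apache Hive project. It parses two constructed hive-site.xml fragments, one with the weak doAs setting and one carrying the hardened configuration described in the mitigation section, and then scans constructed HiveServer2 log lines for XPath UDF calls, rating a call higher when its XML argument contains external-entity markers. The log line layout, the file contents and the DOCTYPE/ENTITY/SYSTEM/file: heuristic are assumptions; hive.server2.enable.doAs and hive.server2.builtin.udf.blacklist are real HiveConf properties, the latter not available in the oldest affected releases.

```python
import re
import xml.etree.ElementTree as ET

# Hive's built-in XPath UDF family, the functions CVE-2018-1284 concerns.
XPATH_UDFS = {
    "xpath", "xpath_string", "xpath_boolean", "xpath_short", "xpath_int",
    "xpath_long", "xpath_float", "xpath_double", "xpath_number",
}

# Constructed hive-site.xml fragments for illustration (not from any real host).
WEAK_HIVE_SITE = """<?xml version="1.0"?>
<configuration>
  <property>
    <name>hive.server2.enable.doAs</name>
    <value>false</value>
  </property>
</configuration>
"""

# Hardened fragment: impersonation on, and the XPath UDFs blocked server-side.
HARDENED_HIVE_SITE = """<?xml version="1.0"?>
<configuration>
  <property>
    <name>hive.server2.enable.doAs</name>
    <value>true</value>
  </property>
  <property>
    <name>hive.server2.builtin.udf.blacklist</name>
    <value>xpath,xpath_string,xpath_boolean,xpath_short,xpath_int,xpath_long,xpath_float,xpath_double,xpath_number</value>
  </property>
</configuration>
"""

# Constructed log lines; the real HiveServer2 log layout varies by release.
SAMPLE_LOG = [
    "2018-04-10 12:00:01,001 INFO  ql.Driver: Compiling command(queryId=q1): SELECT count(*) FROM sales",
    "2018-04-10 12:00:02,002 INFO  ql.Driver: Compiling command(queryId=q2): SELECT xpath_string(payload, '/order/id') FROM orders",
    "2018-04-10 12:00:03,003 INFO  ql.Driver: Compiling command(queryId=q3): SELECT xpath_string('<!DOCTYPE r [<!ENTITY e SYSTEM \"file:///etc/passwd\">]><r>&e;</r>', '/r')",
    "2018-04-10 12:00:04,004 INFO  ql.Driver: Compiling command(queryId=q4): SELECT xpath_int(x, '/a/b') FROM t",
]


def parse_hive_site(xml_text):
    """Return {property name: value} from a hive-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).findall("property"):
        name = prop.findtext("name")
        if name:
            props[name.strip()] = (prop.findtext("value") or "").strip()
    return props


def assess_config(props):
    """List the configuration conditions that make CVE-2018-1284 useful to an attacker."""
    findings = []
    # HiveConf defaults doAs to true; only an explicit false runs queries as the service user.
    if props.get("hive.server2.enable.doAs", "true").strip().lower() == "false":
        findings.append("hive.server2.enable.doAs=false: queries run as the HiveServer2 service user")
    blacklisted = {u.strip().lower() for u in props.get("hive.server2.builtin.udf.blacklist", "").split(",")}
    missing = sorted(XPATH_UDFS - blacklisted)
    if missing:
        findings.append("XPath UDFs not blacklisted: " + ", ".join(missing))
    return findings


# Any xpath or xpath_<suffix> call; the suffix is validated against XPATH_UDFS below.
UDF_CALL = re.compile(r"\b(xpath(?:_[a-z]+)?)\s*\(", re.IGNORECASE)
# Heuristic (assumption): markers of XML external-entity tricks in the XML argument.
XXE_MARKERS = re.compile(r"<!DOCTYPE|<!ENTITY|\bSYSTEM\b|file:/", re.IGNORECASE)


def scan_log(lines):
    """Return (line_no, udf, severity) for every log line that calls an XPath UDF."""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in UDF_CALL.finditer(line):
            udf = m.group(1).lower()
            if udf in XPATH_UDFS:
                severity = "high" if XXE_MARKERS.search(line) else "info"
                hits.append((no, udf, severity))
                break  # one hit per line is enough for triage
    return hits


def main():
    for label, text in (("weak", WEAK_HIVE_SITE), ("hardened", HARDENED_HIVE_SITE)):
        findings = assess_config(parse_hive_site(text))
        print(f"[{label} config] " + ("; ".join(findings) if findings else "no CVE-2018-1284 exposure conditions"))
    for no, udf, severity in scan_log(SAMPLE_LOG):
        print(f"[log line {no}] {severity.upper()}: call to {udf}()")


if __name__ == "__main__":
    main()
```

Point parse_hive_site at the real /etc/hive/hive-site.xml and scan_log at the HiveServer2 log to run it against a deployment. The "info" hits are ordinary use of the UDFs on column data and are worth a look only in bulk; the "high" hits are the ones to investigate, since a legitimate query rarely embeds a DOCTYPE or a file: URI in a literal.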
Exploit status
disclosure
EPSS
0.47% (64th percentile)
CVSS vector
The primary mitigation for CVE-2018-1284 is to upgrade Apache Hive to version 2.3.3 or later, which contains the fix. If upgrading is not immediately feasible, remove the condition that makes the flaw useful: set hive.server2.enable.doAs=true so each query runs with the submitting user's own privileges rather than those of the 'hive' service account, and block the XPath UDFs (xpath, xpath_string, xpath_boolean, xpath_short, xpath_int, xpath_long, xpath_float, xpath_double, xpath_number) with hive.server2.builtin.udf.blacklist where your release supports that property. Note that hive.support.concurrency controls table locking and has no bearing on UDFs. Keep what the 'hive' user can read on the HiveServer2 host to a minimum, in particular keytabs and configuration files with embedded passwords. Monitor HiveServer2 logs for queries invoking those UDFs. A Web Application Firewall only helps when HiveServer2 is reached over its HTTP transport mode (hive.server2.transport.mode=http); the default binary Thrift transport is not inspected by HTTP filters. After upgrading, verify the fix by re-running a query that previously disclosed file contents and confirming it now fails or returns nothing.
CVE-2018-1284 is a LOW severity vulnerability in Apache Hive versions 0.6.0 to 2.3.2 that allows attackers to potentially expose file content through malicious XPath queries.
You are affected if you are running Apache Hive versions 0.6.0 through 2.3.2 and have not upgraded. Check your configuration for hive.server2.enable.doAs=false, the setting under which disclosed files are those readable by the 'hive' service user.
Upgrade Apache Hive to version 2.3.3 or later. As a temporary workaround, set hive.server2.enable.doAs=true, block the XPath UDFs with hive.server2.builtin.udf.blacklist where available, and restrict what the 'hive' user can read on the HiveServer2 host.
There is no current evidence of active exploitation campaigns targeting CVE-2018-1284.
Refer to the Apache Hive security page for details: https://hive.apache.org/security/