Platform
java
Component
org.apache.hive:hive
Fixed in
2.3.3
CVE-2018-1284 describes an XPath injection vulnerability affecting Apache Hive versions 0.6.0 through 2.3.2. This flaw allows a malicious user, through the misuse of XPath User-Defined Functions (UDFs), to potentially expose file content on the machine running HiveServer2. The vulnerability is rated as LOW severity and can be resolved by upgrading to version 2.3.3.
An attacker can leverage this vulnerability by crafting malicious XPath queries through UDFs like xpath, xpath_string, and related functions. If hive.server2.enable.doAs=false, the HiveServer2 process runs with the privileges of the 'hive' user. Successful exploitation could lead to the exposure of sensitive files owned by this user, potentially including configuration files, credentials, or other data. The blast radius is limited to the HiveServer2 machine and the files accessible by the 'hive' user. While not a direct remote code execution (RCE) vulnerability, the information disclosure could be a stepping stone for further attacks.
CVE-2018-1284 was publicly disclosed on November 21, 2018. There is no indication of active exploitation campaigns targeting this vulnerability. While a public proof-of-concept may exist, it has not been widely reported. The vulnerability is not currently listed on CISA KEV. The LOW CVSS score reflects the limited impact and difficulty of exploitation.
Organizations using Apache Hive versions 0.6.0 through 2.3.2, particularly those with hive.server2.enable.doAs=false configured, are at risk. Shared hosting environments where multiple users have access to Hive instances are also particularly vulnerable, as a compromised user could potentially exploit this vulnerability to access files belonging to other users or the system administrator.
• java / server: Monitor HiveServer2 logs for unusual XPath queries or file access attempts. Look for patterns involving UDFs such as xpath, xpath_string and their related variants (the `-E` flag is needed for `|` to act as alternation):
grep -Ei 'xpath|xpath_string' /var/log/hive/hiveserver2.log
• java / supply-chain: Examine the Hive configuration for hive.server2.enable.doAs=false:
grep hive.server2.enable.doAs /etc/hive/hive-site.xml
• generic web: Check for unusual file access attempts in web server logs (if HiveServer2 is exposed via a web interface).
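The three checks above can be combined into one defender-side triage script. The following is an added example written for this page; it is not code from the advisory or from the Apache Hive project. It assumes a HiveServer2 log line format (constructed here for illustration), a constructed hive-site.xml fragment, and that the xpath UDF family consists of xpath plus its typed variants (xpath_string, xpath_boolean, xpath_short, xpath_int, xpath_long, xpath_float, xpath_double, xpath_number). The version comparison uses the affected range stated on this page (0.6.0 through 2.3.2).

```python
import re
import xml.etree.ElementTree as ET

# Constructed hive-site.xml fragment (not taken from any real deployment).
SAMPLE_HIVE_SITE = """<?xml version="1.0"?>
<configuration>
  <property>
    <name>hive.server2.enable.doAs</name>
    <value>false</value>
  </property>
  <property>
    <name>hive.server2.thrift.port</name>
    <value>10000</value>
  </property>
</configuration>
"""

# Constructed HiveServer2 log lines; the exact format is an assumption
# made for this example, not a real capture.
SAMPLE_LOG_LINES = [
    "2018-11-21 10:01:02,001 INFO  ql.Driver: Compiling command(queryId=hive_1): SELECT id FROM t",
    "2018-11-21 10:01:05,120 INFO  ql.Driver: Compiling command(queryId=hive_2): SELECT xpath_string(col, '/a/b') FROM t",
    "2018-11-21 10:01:07,333 INFO  ql.Driver: Compiling command(queryId=hive_3): SELECT XPATH(col, '//c') FROM t",
    "2018-11-21 10:01:09,444 INFO  ql.Driver: Compiling command(queryId=hive_4): SELECT xpath_int(col, '/n') FROM t",
    "2018-11-21 10:01:11,555 INFO  ql.Driver: Compiling command(queryId=hive_5): SELECT * FROM xpath_index_table",
]

# Matches a call to xpath or one of its typed variants, case-insensitively.
# The trailing "(" avoids false positives on identifiers such as
# "xpath_index_table" that merely start with the word.
XPATH_UDF_RE = re.compile(
    r"\bxpath(?:_string|_boolean|_short|_int|_long|_float|_double|_number)?\s*\(",
    re.IGNORECASE,
)

# Affected range as stated in the advisory.
FIRST_AFFECTED = (0, 6, 0)
LAST_AFFECTED = (2, 3, 2)


def parse_version(version: str) -> tuple:
    """Turn '2.3.2' into (2, 3, 2) for tuple comparison."""
    return tuple(int(p) for p in version.split("."))


def is_vulnerable_version(version: str) -> bool:
    """True when the version lies inside the affected range 0.6.0..2.3.2."""
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED


def doas_disabled(hive_site_xml: str) -> bool:
    """True when hive.server2.enable.doAs is explicitly set to false.

    If the property is absent we report False: the risk condition named in
    the advisory is the explicit 'false' setting, so we do not assume it.
    """
    root = ET.fromstring(hive_site_xml)
    for prop in root.iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name == "hive.server2.enable.doAs":
            value = (prop.findtext("value") or "").strip().lower()
            return value == "false"
    return False


def find_xpath_udf_calls(lines):
    """Return the log lines that contain a call to an xpath UDF."""
    return [line for line in lines if XPATH_UDF_RE.search(line)]


def assess(version: str, hive_site_xml: str, log_lines) -> dict:
    """Combine the three checks into a single triage summary."""
    hits = find_xpath_udf_calls(log_lines)
    return {
        "vulnerable_version": is_vulnerable_version(version),
        "doas_disabled": doas_disabled(hive_site_xml),
        "xpath_udf_hits": len(hits),
        "action": "upgrade to 2.3.3 or later" if is_vulnerable_version(version) else "no upgrade needed for CVE-2018-1284",
    }


if __name__ == "__main__":
    summary = assess("2.3.2", SAMPLE_HIVE_SITE, SAMPLE_LOG_LINES)
    for key, value in summary.items():
        print(f"{key}: {value}")
    for line in find_xpath_udf_calls(SAMPLE_LOG_LINES):
        print("xpath UDF call:", line)
```

Against the constructed input, the version check reports the instance as affected, the configuration check flags doAs=false, and three of the five log lines are identified as xpath UDF calls (the table named `xpath_index_table` is correctly ignored). In a real deployment, replace the constructed strings with the contents of hive-site.xml and the HiveServer2 log, and adjust the regular expression if your log lines do not record the compiled query text.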
disclosure
Exploit Status
EPSS
0.47% (percentile 64%)
CVSS Vector
The primary mitigation for CVE-2018-1284 is to upgrade Apache Hive to version 2.3.3 or later, which contains the fix. If upgrading is not immediately feasible, consider temporarily disabling the use of XPath UDFs by configuring hive.support.concurrency=false and restricting user access to sensitive files. Monitor HiveServer2 logs for suspicious XPath queries. Implement a Web Application Firewall (WAF) with rules to detect and block malicious XPath expressions. After upgrading, verify the fix by attempting to execute a known malicious XPath query and confirming that it no longer exposes file content.
No official patch available. Look for alternatives or watch for updates.
CVE-2018-1284 is a LOW severity vulnerability in Apache Hive versions 0.6.0 to 2.3.2 that allows attackers to potentially expose file content through malicious XPath queries.
You are affected if you are using Apache Hive versions 0.6.0 through 2.3.2 and have not upgraded. Check your configuration for hive.server2.enable.doAs=false.
Upgrade Apache Hive to version 2.3.3 or later. As a temporary workaround, disable XPath UDFs or restrict user access to sensitive files.
There is no current evidence of active exploitation campaigns targeting CVE-2018-1284.
Refer to the Apache Hive security page for details: https://hive.apache.org/security/