Apache Hive Authorization Flaw Allows Unauthorized Data Access
CVE-2014-0228

Currently unrated

Key Information:

Vendor

Apache
Status
Hive
Vendor
CVE Published:
16 November 2014

What is CVE-2014-0228?

Apache Hive, a popular data warehousing tool built on top of Hadoop, is subject to a critical authorization flaw found in versions before 0.13.1. In SQL standards-based authorization mode, the system fails to accurately enforce file permissions for import and export actions. This oversight enables remote authenticated users to exploit the vulnerability by crafting specific URIs, potentially gaining unauthorized access to sensitive information. Organizations utilizing affected versions of Apache Hive must address this vulnerability promptly to secure their data and prevent unauthorized information disclosures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://mail-archives.apache.org/mod_mbox/hive-user/201406...
mailing-listx_refsource_MLIST
http://packetstormsecurity.com/files/127091/Apache-Hive-0...
x_refsource_MISC
http://www.securityfocus.com/archive/1/532418/100/0/threaded
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.