Path Traversal in Apache Hive Disclosing File Contents
CVE-2018-1284

3.7LOW

Key Information:

Vendor: Apache
Status: Apache Hive
Vendor: CVE Published:; 5 April 2018

What is CVE-2018-1284?

In versions of Apache Hive ranging from 0.6.0 to 2.3.2, a vulnerability exists that permits a malicious user to exploit the XPath User Defined Functions (UDFs) to gain unauthorized access to files present on the server where HiveServer2 is running. If the configuration allows 'hive.server2.enable.doAs' to be set to false, attackers can manipulate XML inputs to reveal sensitive information from files owned by the HiveServer2 user, typically the 'hive' user. This vulnerability underscores the importance of enforcing strict configurations and access control measures in Hive deployments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Hive 0.6.0 to 2.3.2

References

https://lists.apache.org/thread.html/29184dbce4a37be2af36...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/103750

vdb-entryx_refsource_BID

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2018
Vulnerability Reserved
Dec 7, 2017

JSON

Apache

What is CVE-2018-1284?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.