CVE-2014-0228

EPSS 0.32%
Published 16.11.2014 17:59:00
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Hive Version <= 0.13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.523

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g%40mail.gmail.com%3E

http://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html

http://www.securityfocus.com/archive/1/532418/100/0/threaded

https://nvd.nist.gov/vuln/detail/CVE-2014-0228

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0228

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0228

EUVD