QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0228

Published: Nov 16, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[hive-user] 20140612 CVE-2014-0228: Apache Hive Authorization vulnerability

mailing-list

x_refsource_MLIST

http://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html

x_refsource_MISC

20140612 CVE-2014-0228: Apache Hive Authorization vulnerability

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.