QwikSec

Security Database

CVE

CWE

Training

CVE-2024-29869

Published: Jan 28, 2025

Modified: Jan 29, 2025

PUBLISHED

Description

Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Hive	affected `1.1.0 - < 4.0.1`

Weaknesses (CWE)

References

https://github.com/apache/hive

product

https://github.com/apache/hive/commit/20106e254527f7d71b2e34455c4322e14950c620

patch

https://issues.apache.org/jira/browse/HIVE-28134

issue-tracking

https://lists.apache.org/thread/h27ohpyrqf9w1m3c0tqr7x8jg59rcrv6

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.