CVE-2014-0228

{"id": "CVE-2014-0228", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-16T17:59:00.127", "references": [{"url": "http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g%40mail.gmail.com%3E", "source": "secalert@redhat.com"}, {"url": "http://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/532418/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://mail-archives.apache.org/mod_mbox/hive-user/201406.mbox/%3CCABgNGzeN7E+9d=YV5yvnKA7wmSx1op_avtUjPcPtDaR6DLJM6g%40mail.gmail.com%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/127091/Apache-Hive-0.13.0-Authorization-Failure.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/532418/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI."}, {"lang": "es", "value": "En Apache Hive anterior a 0.13.1., cuando se usa el modo de autorizaci\u00f3n basada en estandares SQL , no se comprueban correctamente los permisos de archivo para las declaraciones de (1) import y (2) export, permitiendo a usuarios autenticados obtener informaci\u00f3n sensible a trav\u00e9s de peticiones URI espec\u00edficamente dise\u00f1adas."}], "lastModified": "2024-11-21T02:01:42.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BD55E03-E462-4C0C-9766-C97B43A3E3B6", "versionEndIncluding": "0.13.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}