CVE-2024-29869

CWE-732 — Incorrect Permission Assignment4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 73.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Hive Apache Hive

Timeline

PublishedJan 28

Latest updateJan 29

Description

Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDapache/hive1.1.0 — 4.0.1

▶Mavenorg.apache.hive:hive-exec< 4.0.1

▶CVEListV5apache_software_foundation/apache_hive1.1.0 — 4.0.1

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

Apache Hive Incorrectly Assigns Permissions for a Critical Resource↗2025-01-29

▶

GHSA

Apache Hive Incorrectly Assigns Permissions for a Critical Resource↗2025-01-29

▶

CVEList

Apache Hive: Credentials file created with non restrictive permissions↗2025-01-28

▶