CVE-2024-29869
MEDIUMApache Hive 1.1.0-4.0.0 - Unauthorized Sensitive Information Exposure via Temporary Credentials File
Title source: llmDescription
Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.
References (5)
Core 5
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/01/28/4
Product product
https://github.com/apache/hive
Issue Tracking issue-tracking
https://issues.apache.org/jira/browse/HIVE-28134
Mailing List, Vendor Advisory vendor-advisory
https://lists.apache.org/thread/h27ohpyrqf9w1m3c0tqr7x8jg59rcrv6
Scores
CVSS v3
5.5
EPSS
0.0027
EPSS Percentile
17.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-732
Status
published
Products (2)
apache/hive
1.1.0 - 4.0.1
org.apache.hive/hive-exec
0 - 4.0.1Maven
Published
Jan 28, 2025
Tracked Since
Feb 18, 2026