CVE-2018-1284
Description
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if hive.server2.enable.doAs=false.
Risk Information
Base Score
3.7
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.469
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-1284,CVE-2018-1315 are fixed in Apache-hive-exec 2.3.3 | Windows |
| Vulnerabilities CVE-2018-1284,CVE-2018-1315 are fixed in Apache-hive 2.3.3 | Windows |
| Vulnerabilities CVE-2018-1284,CVE-2018-1315 are fixed in Apache-hive-service 2.3.3 | Windows |
| Vulnerabilities CVE-2018-1284,CVE-2018-1315 are fixed in Apache-hive-exec for Linux 2.3.3 | Linux |
| Vulnerabilities CVE-2018-1284,CVE-2018-1315 are fixed in Apache-hive for Linux 2.3.3 | Linux |
| Vulnerabilities CVE-2018-1284,CVE-2018-1315 are fixed in Apache-hive-service for Linux 2.3.3 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234