Apache Hive Credentials File Permission Vulnerability

Vulnerability

A vulnerability exists in Apache Hive versions 1.1.0 and later, prior to 4.0.1, in which a credentials file is created in a temporary directory with default permissions of 644. Any unauthorized user with access to the directory can read the sensitive information in the file. The issue arises because the file permissions are not explicitly set, so the file is created with the default mode and the credentials are exposed to unauthorized access.
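
The following added example (not code from Apache Hive or from this advisory) shows the general pattern in Python: a file written without an explicit mode ends up as 644 under a typical umask of 022, the same file created with an explicit 0600 does not, and a small audit function flags files in a directory that group or others can read. The file names, the sample secret and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

def write_default(path, data):
    """Weak pattern: the mode is left to the process umask."""
    with open(path, "w") as f:
        f.write(data)

def write_owner_only(path, data):
    """Hardened pattern: the file is 0600 before any secret is written."""
    # O_EXCL refuses to reuse a file someone else pre-created in the temp dir.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)  # enforce 0600 regardless of the umask
        os.write(fd, data.encode())
    finally:
        os.close(fd)

def mode_of(path):
    """Permission bits of a file, without following symlinks."""
    return stat.S_IMODE(os.lstat(path).st_mode)

def find_exposed(directory):
    """Return regular files under directory readable by group or others."""
    exposed = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            p = os.path.join(root, name)
            st = os.lstat(p)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
                exposed.append(p)
    return sorted(exposed)

def demo():
    old = os.umask(0o022)  # assumed typical umask, set so the result is reproducible
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = os.path.join(d, "creds-default.txt")   # constructed name
            safe = os.path.join(d, "creds-0600.txt")      # constructed name
            write_default(weak, "password=constructed-sample\n")
            write_owner_only(safe, "password=constructed-sample\n")
            names = [os.path.basename(p) for p in find_exposed(d)]
            return oct(mode_of(weak)), oct(mode_of(safe)), names
    finally:
        os.umask(old)

if __name__ == "__main__":
    print(demo())
```

Pointing `find_exposed` at the temporary directories used by a deployment gives a quick check for files left readable by other local users.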

Impact

The vulnerability allows unauthorized users to read sensitive information from the credentials file.

Remediation

Users are advised to upgrade to Apache Hive version 4.0.1, which addresses this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 4.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.