CVE-2024-29869: Apache Hive: Credentials file created with non restrictive permissions
First published: Tue Jan 28 2025(Updated: )
Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Hive | <4.0.1 | |
| maven/org.apache.hive:hive-exec | <4.0.1 | 4.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/apache/hive
- https://github.com/apache/hive/commit/20106e254527f7d71b2e34455c4322e14950c620
- https://issues.apache.org/jira/browse/HIVE-28134
- https://lists.apache.org/thread/h27ohpyrqf9w1m3c0tqr7x8jg59rcrv6
- http://www.openwall.com/lists/oss-security/2025/01/28/4
- https://nvd.nist.gov/vuln/detail/CVE-2024-29869
- https://github.com/advisories/GHSA-c476-j253-5rgq (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-29869?
The severity of CVE-2024-29869 is critical due to potential unauthorized access to sensitive credential information.
How do I fix CVE-2024-29869?
To fix CVE-2024-29869, update to Apache Hive version 4.0.1 or later, ensuring file permissions are explicitly set to restrict access.
What are the risks associated with CVE-2024-29869?
The risks associated with CVE-2024-29869 include exposure of sensitive information to unauthorized users if the temporary directory's permissions are not properly configured.
Which versions of Apache Hive are affected by CVE-2024-29869?
Apache Hive versions prior to 4.0.1 are affected by CVE-2024-29869.
Is CVE-2024-29869 an issue in Hive's default configuration?
Yes, CVE-2024-29869 arises due to default file permissions of 644 being set for credentials files when permissions are not explicitly defined.
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-29869
- agent/first-publish-date
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/source
- agent/softwarecombine
- agent/trending
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-c476-j253-5rgq
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/github-advisory
- vendor/apache
- canonical/apache hive
- package-manager/maven