Home > Vulnerability Database > CVE-2024-29869

Mend.io Vulnerability Database

CVE-2024-29869

Good to know:

Date: January 28, 2025

Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.

Severity Score

5.5

Related Resources (7)

Url: https://lists.apache.org/thread/h27ohpyrqf9w1m3c0tqr7x8jg59rcrv6

Url: https://github.com/apache/hive

Url: http://www.openwall.com/lists/oss-security/2025/01/28/4

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29869

Url: https://issues.apache.org/jira/browse/HIVE-28134

Url: https://github.com/apache/hive/commit/20106e254527f7d71b2e34455c4322e14950c620

Url: https://www.mend.io/vulnerability-database/CVE-2024-29869

Severity Score

5.5

Weakness Type (CWE)

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version org.apache.hive:hive-exec:4.0.1

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29869

Good to know:

Date: January 28, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?