GSD-2018-1315
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1315",
"description": "In Apache Hive 2.1.0 to 2.3.2, when \u0027COPY FROM FTP\u0027 statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.",
"id": "GSD-2018-1315"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1315"
],
"details": "In Apache Hive 2.1.0 to 2.3.2, when \u0027COPY FROM FTP\u0027 statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.",
"id": "GSD-2018-1315",
"modified": "2023-12-13T01:22:37.194886Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-04-04T00:00:00",
"ID": "CVE-2018-1315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_value": "2.1.0 to 2.3.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Hive 2.1.0 to 2.3.2, when \u0027COPY FROM FTP\u0027 statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Resource Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1315 \u0027COPY FROM FTP\u0027 statement in HPL/SQL can write to arbitrary location if the FTP server is compromised",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d5da94ef60312c01a8d2348466680d1b5fb70702c71a3e84e94f7933@%3Cdev.hive.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[2.1.0,2.3.3)",
"affected_versions": "All versions starting from 2.1.0 before 2.3.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-732",
"CWE-937"
],
"date": "2021-09-15",
"description": "In Apache Hive 2.1.0 to 2.3.2, when \u0027COPY FROM FTP\u0027 statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.",
"fixed_versions": [
"2.3.3"
],
"identifier": "CVE-2018-1315",
"identifiers": [
"GHSA-p639-xxv5-j383",
"CVE-2018-1315"
],
"not_impacted": "All versions before 2.1.0, all versions starting from 2.3.3",
"package_slug": "maven/org.apache.hive/hive-exec",
"pubdate": "2018-11-21",
"solution": "Upgrade to version 2.3.3 or above.",
"title": "Incorrect Permission Assignment for Critical Resource",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-1315",
"https://github.com/advisories/GHSA-p639-xxv5-j383"
],
"uuid": "dec5e747-40fb-487a-b139-21258e6f4410"
},
{
"affected_range": "[2.1.0,2.3.3)",
"affected_versions": "All versions starting from 2.1.0 before 2.3.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-732",
"CWE-937"
],
"date": "2021-09-15",
"description": "In Apache Hive 2.1.0 to 2.3.2, when \u0027COPY FROM FTP\u0027 statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.",
"fixed_versions": [
"2.3.3"
],
"identifier": "CVE-2018-1315",
"identifiers": [
"GHSA-p639-xxv5-j383",
"CVE-2018-1315"
],
"not_impacted": "All versions before 2.1.0, all versions starting from 2.3.3",
"package_slug": "maven/org.apache.hive/hive-service",
"pubdate": "2018-11-21",
"solution": "Upgrade to version 2.3.3 or above.",
"title": "Incorrect Permission Assignment for Critical Resource",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-1315",
"https://github.com/advisories/GHSA-p639-xxv5-j383",
"https://lists.apache.org/thread.html/d5da94ef60312c01a8d2348466680d1b5fb70702c71a3e84e94f7933@%3Cdev.hive.apache.org%3E"
],
"uuid": "5e15fc23-b092-476f-bb43-c55f445547b5"
},
{
"affected_range": "[2.1.0,2.3.2]",
"affected_versions": "All versions starting from 2.1.0 up to 2.3.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-732",
"CWE-937"
],
"date": "2019-10-03",
"description": "In Apache Hiveto, when `COPY FROM FTP` statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently.",
"fixed_versions": [
"2.3.3"
],
"identifier": "CVE-2018-1315",
"identifiers": [
"CVE-2018-1315"
],
"not_impacted": "All versions before 2.1.0, all versions after 2.3.2",
"package_slug": "maven/org.apache.hive/hive",
"pubdate": "2018-04-05",
"solution": "Upgrade to version 2.3.3 or above.",
"title": "Incorrect Permission Assignment for Critical Resource",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-1315"
],
"uuid": "7f9ce099-bbf7-462b-818c-b063e980c216"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.2",
"versionStartIncluding": "2.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-1315"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Apache Hive 2.1.0 to 2.3.2, when \u0027COPY FROM FTP\u0027 statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not verify the destination location of the downloaded file. This does not affect hive cli user and hiveserver2 user as hplsql is a separate command line script and needs to be invoked differently."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20180404 [SECURITY] CVE-2018-1315 \u0027COPY FROM FTP\u0027 statement in HPL/SQL can write to arbitrary location if the FTP server is compromised",
"refsource": "MLIST",
"tags": [
"Mitigation",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/d5da94ef60312c01a8d2348466680d1b5fb70702c71a3e84e94f7933@%3Cdev.hive.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2018-04-05T13:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…