cnvd - cnvd-2024-49152

cnvd-2024-49152

Vulnerability from cnvd

Title: Apache Hive代码执行漏洞

Description:

Apache Hive是美国阿帕奇（Apache）基金会的一套基于Hadoop（分布式系统基础架构）的数据仓库软件。该软件提供了一个数据集成方法和一种高级的查询语言，以支持在Hadoop上进行大规模数据分析。

Apache Hive存在代码执行漏洞，该漏洞源于在过滤和获取分区时使用的方法不安全，攻击者可利用该漏洞导致远程代码执行。

Severity: 高

Patch Name: Apache Hive代码执行漏洞的补丁

Patch Description:

Apache Hive存在代码执行漏洞，该漏洞源于在过滤和获取分区时使用的方法不安全，攻击者可利用该漏洞导致远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/jwtr3d9yovf2wo0qlxvkhoxnwxxyzgts

Reference: http://www.openwall.com/lists/oss-security/2024/12/04/2

Impacted products

Name
Apache Apache Hive

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-41137",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-41137"
    }
  },
  "description": "Apache Hive\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u4e8eHadoop\uff08\u5206\u5e03\u5f0f\u7cfb\u7edf\u57fa\u7840\u67b6\u6784\uff09\u7684\u6570\u636e\u4ed3\u5e93\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6570\u636e\u96c6\u6210\u65b9\u6cd5\u548c\u4e00\u79cd\u9ad8\u7ea7\u7684\u67e5\u8be2\u8bed\u8a00\uff0c\u4ee5\u652f\u6301\u5728Hadoop\u4e0a\u8fdb\u884c\u5927\u89c4\u6a21\u6570\u636e\u5206\u6790\u3002\n\nApache Hive\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u8fc7\u6ee4\u548c\u83b7\u53d6\u5206\u533a\u65f6\u4f7f\u7528\u7684\u65b9\u6cd5\u4e0d\u5b89\u5168\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/jwtr3d9yovf2wo0qlxvkhoxnwxxyzgts",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-49152",
  "openTime": "2024-12-24",
  "patchDescription": "Apache Hive\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u4e8eHadoop\uff08\u5206\u5e03\u5f0f\u7cfb\u7edf\u57fa\u7840\u67b6\u6784\uff09\u7684\u6570\u636e\u4ed3\u5e93\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u4e86\u4e00\u4e2a\u6570\u636e\u96c6\u6210\u65b9\u6cd5\u548c\u4e00\u79cd\u9ad8\u7ea7\u7684\u67e5\u8be2\u8bed\u8a00\uff0c\u4ee5\u652f\u6301\u5728Hadoop\u4e0a\u8fdb\u884c\u5927\u89c4\u6a21\u6570\u636e\u5206\u6790\u3002\r\n\r\nApache Hive\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u8fc7\u6ee4\u548c\u83b7\u53d6\u5206\u533a\u65f6\u4f7f\u7528\u7684\u65b9\u6cd5\u4e0d\u5b89\u5168\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Hive\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Apache Hive"
  },
  "referenceLink": "http://www.openwall.com/lists/oss-security/2024/12/04/2",
  "serverity": "\u9ad8",
  "submitTime": "2024-12-13",
  "title": "Apache Hive\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2022-41137 (GCVE-0-2022-41137)

Vulnerability from cvelistv5

Published

2024-12-05 10:01

Modified

2024-12-05 17:02

Severity ?

CWE

CWE-502 - Deserialization of Untrusted Data

Summary

Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments.

References

▼	URL	Tags
	https://github.com/apache/hive	product
	https://issues.apache.org/jira/browse/HIVE-26539	issue-tracking
	https://github.com/apache/hive/commit/60027bb9c91a93affcfebd9068f064bc1f2a74c9	patch
	https://lists.apache.org/thread/jwtr3d9yovf2wo0qlxvkhoxnwxxyzgts	vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Hive	Version: 4.0.0-alpha-1 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-05T10:03:34.734Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/12/04/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "hive",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "4.0.0",
                "status": "affected",
                "version": "4.0.0-alpha-1",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T17:00:40.730056Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T17:02:05.659Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.hive:hive-exec",
          "product": "Apache Hive",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "4.0.0",
              "status": "affected",
              "version": "4.0.0-alpha-1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Junjie Liao"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Apache Hive\u0026nbsp;Metastore (HMS) uses\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSerializationUtilities#deserializeObjectWithTypeInformation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;method when filtering and fetching partitions that is unsafe and\u003c/span\u003e\u0026nbsp;can lead\u0026nbsp;to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data.\u003cbr\u003e\u003cbr\u003eIn real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish\u0026nbsp;a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments."
            }
          ],
          "value": "Apache Hive\u00a0Metastore (HMS) uses\u00a0SerializationUtilities#deserializeObjectWithTypeInformation\u00a0method when filtering and fetching partitions that is unsafe and\u00a0can lead\u00a0to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data.\n\nIn real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish\u00a0a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-05T10:01:41.692Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/apache/hive"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://issues.apache.org/jira/browse/HIVE-26539"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/hive/commit/60027bb9c91a93affcfebd9068f064bc1f2a74c9"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/jwtr3d9yovf2wo0qlxvkhoxnwxxyzgts"
        }
      ],
      "source": {
        "defect": [
          "HIVE-26539"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-41137",
    "datePublished": "2024-12-05T10:01:41.692Z",
    "dateReserved": "2022-09-20T14:55:51.817Z",
    "dateUpdated": "2024-12-05T17:02:05.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted