Lucene search

CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails

🗓️ 23 Dec 2024 15:54:26Reported by apacheType

Apache Hive and Spark expose correct cookie signature on verification failure, risking exploitation.

Reporter	Title	Published	Views	Family All 7
OSV	Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails	23 Dec 202418:30	–	osv
OSV	CVE-2024-23945	23 Dec 202416:15	–	osv
Github Security Blog	Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails	23 Dec 202418:30	–	github
Vulnrichment	CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails	23 Dec 202415:26	–	vulnrichment
CVE	CVE-2024-23945	23 Dec 202416:15	–	cve
NVD	CVE-2024-23945	23 Dec 202416:15	–	nvd
Veracode	Sensitive Information Exposure	8 Jan 202504:39	–	veracode

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.hive:hive-service",
    "product": "Apache Hive",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "4.0.0",
        "status": "affected",
        "version": "1.2.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.spark:spark-hive-thriftserver_2.11",
    "product": "Apache Spark",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.spark:spark-hive-thriftserver_2.12",
    "product": "Apache Spark",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.3.4",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.4.2",
        "status": "affected",
        "version": "3.4.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "3.5.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19
github	www.github.com/apache/spark
issues	www.issues.apache.org/jira/browse/SPARK-14987
lists	www.lists.apache.org/thread/5o2ljnzrv8zvhjw9vy7b4rwjpc32hgfc
lists	www.lists.apache.org/thread/59r4mv7glrxpwkkdjvjbdljfpx3f5zzc
github	www.github.com/apache/hive
github	www.github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4
issues	www.issues.apache.org/jira/browse/HIVE-9710

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Dec 2024 15:26Current

EPSS0.0004

CWE-209