Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2024/12/23 6:30 p.m.7 views

com.pingcap.tispark:spark-wrapper-spark-2.4 (>=2.4.4-scala_2.12 <=2.4.4-scala_2.12-RC2), com.pingcap.tispark:spark-wrapper-spark-3.0 (>=2.5.0 <=2.5.3) +21 more potentially affected by CVE-2024-23945 via org.apache.spark:spark-hive-thriftserver_2.12 (>=2.4.8 <=3.3.1)

org.apache.spark:spark-hive-thriftserver2.12 MAVEN version =2.4.8, =2.4.4-scala2.12, =2.5.0, =3.0.1, =2.5.0, =3.0.1, =3.0.1, =3.1.0, =2.4.4-scala2.12, =2.5.1, =3.0.1, =2.5.1, =3.0.1, =3.0.1, =3.1.0, =2.4.4-scala2.12, =3.2.3 and more Source cves: CVE-2024-23945 Source advisory:...

5.9CVSS5.8AI score0.01468EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/12/23 6:30 p.m.8 views

co.elastic.release-test:dist (=9.0.4), co.elastic.release-test:elasticsearch-hadoop-hive (=9.0.4) +194 more potentially affected by CVE-2024-23945 via org.apache.hive:hive-service (>=1.2.0 <=4.0.0-beta-1)

org.apache.hive:hive-service MAVEN version =1.2.0, =5.0.0, =1.7.0, =3.0.0, =0.1.1, =2.0.1-preview, =2.0.0, =5.0.1 - com.hotels:mutant-swarm =1.1.0 - com.hotels:waggle-dance =4.0.0 - com.hotels:waggle-dance-boot =4.0.0 - com.hotels:waggle-dance-core =4.0.0 and more Source cves: CVE-2024-23945 Sour...

5.9CVSS6.2AI score0.01468EPSS
Exploits1
NVD
NVD
added 2024/12/23 4:15 p.m.39 views

CVE-2024-23945

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...

5.9CVSS0.01468EPSS
Exploits1References9
OSV
OSV
added 2024/12/23 3:26 p.m.14 views

CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...

5.9CVSS6.3AI score0.01468EPSS
Exploits1References12
CVE
CVE
added 2024/12/23 3:26 p.m.813 views

CVE-2024-23945

CVE-2024-23945 → CookieSigner exposes the correct cookie signature to end users when a signature mismatch occurs. Affected: Hive service component and Spark Hive-ThriftServer (versions tied to HIVE-9710 1.2.0 and SPARK-14987 2.0.0). Root cause: flawed CookieSigner logic allows exposure of the sig...

5.9CVSS6.7AI score0.01468EPSS
Exploits1References9Affected Software2
Vulnrichment
Vulnrichment
added 2024/12/23 3:26 p.m.28 views

CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...

7AI score0.01468EPSS
Exploits1References8
Rows per page
Query Builder