CVE-2024-23945

MEDIUM EPSS 70.4%
Published Dec 23, 20241y ago · Modified Jun 17, 20261w ago
5.9 CVSS 3.1
Medium
Find Similar
Published Dec 23, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation. The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12

CVSS Details

Base Score
5.9
Exploitability
2.2
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
70.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-209

Affected Products 4

VendorProductVersionRange
apachehive*≥1.2.0  –  <4.0.0
apachespark*≥2.0.0  –  <3.3.4
apachespark*≥3.4.0  –  <3.4.2
apachespark3.5.0any

References 9

  • openwall.com http://www.openwall.com/lists/oss-security/2024/12/23/2
    Mailing ListThird Party Advisory
  • github.com https://github.com/apache/hive
    Product
  • github.com https://github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4
    Patch
  • github.com https://github.com/apache/spark
    Product
  • github.com https://github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19
    Patch
  • issues.apache.org https://issues.apache.org/jira/browse/HIVE-9710
    ExploitIssue TrackingPatchVendor Advisory
  • issues.apache.org https://issues.apache.org/jira/browse/SPARK-14987
    PatchVendor Advisory
  • lists.apache.org https://lists.apache.org/thread/59r4mv7glrxpwkkdjvjbdljfpx3f5zzc
    Mailing ListVendor Advisory
  • lists.apache.org https://lists.apache.org/thread/5o2ljnzrv8zvhjw9vy7b4rwjpc32hgfc
    Mailing ListVendor Advisory

Remediation

  • github.com https://github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4
    Patch
  • github.com https://github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19
    Patch
  • issues.apache.org https://issues.apache.org/jira/browse/HIVE-9710
    ExploitIssue TrackingPatchVendor Advisory
  • issues.apache.org https://issues.apache.org/jira/browse/SPARK-14987
    PatchVendor Advisory