CVE-2024-23945
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2024-23945 is a vulnerability affecting Apache Hive and Spark components. These components, specifically org.apache.hive:hive-service, org.apache.spark:spark-hive-thriftserver_2.11, and org.apache.spark:spark-hive-thriftserver_2.12, inadvertently expose signed cookies to end users when there's a signature mismatch. Signed cookies are essential for maintaining cookie data authenticity and integrity, but exposing the correct signature can lead to further exploitation. This issue was introduced in Apache Hive with HIVE-9710 (1.2.0) and in Apache Spark with SPARK-14987 (2.0.0).
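The flaw class described in the summary, shown next to a hardened check. This is an added example, not code from Apache Hive or Apache Spark; the class name, the `value&s=tag` cookie layout, the HMAC-SHA256 construction and the sample secret are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added illustration, not Hive or Spark source. The "value&s=tag" layout is assumed.
public class SignedCookieDemo {
    private static final String SEP = "&s=";
    private final SecretKeySpec key;
    SignedCookieDemo(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    // Computes the server-side tag for a cookie value.
    String tag(String value) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] raw = mac.doFinal(value.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Flawed pattern: the rejection message echoes the signature the server computed.
    String verifyLeaky(String cookie) throws GeneralSecurityException {
        int i = cookie.lastIndexOf(SEP);
        if (i < 0) throw new IllegalArgumentException("Malformed cookie");
        String value = cookie.substring(0, i), given = cookie.substring(i + SEP.length());
        String expected = tag(value);
        if (!expected.equals(given))
            throw new IllegalArgumentException("Invalid signature " + given + ", expected " + expected);
        return value;
    }

    // Hardened: constant-time comparison and a message with no server-derived data.
    String verify(String cookie) throws GeneralSecurityException {
        int i = cookie.lastIndexOf(SEP);
        if (i < 0) throw new IllegalArgumentException("Malformed cookie");
        String value = cookie.substring(0, i), given = cookie.substring(i + SEP.length());
        byte[] expected = tag(value).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given.getBytes(StandardCharsets.UTF_8)))
            throw new IllegalArgumentException("Invalid cookie signature");
        return value;
    }

    public static void main(String[] args) throws Exception {
        SignedCookieDemo s = new SignedCookieDemo("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String bad = "cu=alice" + SEP + "AAAA";  // constructed cookie with a wrong tag
        try { s.verifyLeaky(bad); } catch (IllegalArgumentException e) {
            System.out.println("leaky leaks tag: " + e.getMessage().contains(s.tag("cu=alice"))); }
        try { s.verify(bad); } catch (IllegalArgumentException e) {
            System.out.println("hardened leaks tag: " + e.getMessage().contains(s.tag("cu=alice"))); }
    }
}
```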
Affected Products
- Apache Spark
- Apache Hive
Affected Vendors
- Apache Software Foundation