CVE-2024-23953
PUBLISHED
CVSS 6.5 MEDIUM
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
EPSS 1.56% · 81.8th percentile
Risk Scores
- CVSS v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
- EPSS Score: 1.56% (81.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.apache.hive:hive-llap-common | 0 |
| Apache Software Foundation | Apache Hive | 2.2.0 |
| apache | hive | 2.2.0 |
Timeline
- Jan 28, 2025 CVE Published
- Jan 28, 2025 PoC Published
- Jan 28, 2025 PoC Published
- Jan 28, 2025 PoC Published
- Jan 28, 2025 PoC Published
- Jan 29, 2025 EPSS Score
- Jan 31, 2025 PoC Published
- Jan 31, 2025 PoC Published
- Feb 3, 2025 Coalition ESS Score
- Feb 3, 2025 PoC Published
- Feb 13, 2025 EPSS Score
- Feb 18, 2025 Coalition ESS Score
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404 advisory
- https://github.com/apache/hive url
- https://github.com/apache/hive/commit/b418e3c9f479ba8e7d31e6470306111002ffa809 patch
- https://issues.apache.org/jira/browse/HIVE-28030 issue
- https://blog.gypsyengineer.com/en/security/preventing-timing-attacks-with-codeql.html url
- https://cqr.company/web-vulnerabilities/timing-attacks/ url
- https://lists.apache.org/thread/0nloywj49nbtlc6l3c6363qvq7o1ztb7 vendor-advisory
- http://www.openwall.com/lists/oss-security/2025/01/28/3 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-23953 advisory