CVE-2024-23945

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation. The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/apache/hive	Product
https://github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4	Patch
https://github.com/apache/spark	Product
https://github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19	Patch
https://issues.apache.org/jira/browse/HIVE-9710	Exploit Issue Tracking Patch Vendor Advisory
https://issues.apache.org/jira/browse/SPARK-14987	Patch Vendor Advisory
https://lists.apache.org/thread/59r4mv7glrxpwkkdjvjbdljfpx3f5zzc	Mailing List Vendor Advisory
https://lists.apache.org/thread/5o2ljnzrv8zvhjw9vy7b4rwjpc32hgfc	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/12/23/2	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:hive::::::::
	cpe:2.3:a:apache:spark::::::::
	cpe:2.3:a:apache:spark::::::::
	cpe:2.3:a:apache:spark:3.5.0:::::::*

History

No history.

Information

Published : 2024-12-23 16:15

Updated : 2025-07-14 18:32

NVD link : CVE-2024-23945

Mitre link : CVE-2024-23945

CVE.ORG link : CVE-2024-23945

JSON object : View

Products Affected

apache

hive
spark

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2024-23945", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-12-23T16:15:05.590", "references": [{"url": "https://github.com/apache/hive", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/apache/spark", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://issues.apache.org/jira/browse/HIVE-9710", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://issues.apache.org/jira/browse/SPARK-14987", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread/59r4mv7glrxpwkkdjvjbdljfpx3f5zzc", "tags": ["Mailing List", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread/5o2ljnzrv8zvhjw9vy7b4rwjpc32hgfc", "tags": ["Mailing List", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2024/12/23/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-209"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive\u2019s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation.\n\nThe vulnerable CookieSigner logic was introduced in Apache Hive by\u00a0HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:\n* org.apache.hive:hive-service\n* org.apache.spark:spark-hive-thriftserver_2.11\n* org.apache.spark:spark-hive-thriftserver_2.12"}, {"lang": "es", "value": "Signing cookies es una caracter\u00edstica de seguridad de la aplicaci\u00f3n que agrega una firma digital a los datos de las cookies para verificar su autenticidad e integridad. La firma ayuda a evitar que actores malintencionados modifiquen el valor de la cookie, lo que puede provocar vulnerabilidades de seguridad y explotaci\u00f3n. El componente de servicio de Apache Hive expone accidentalmente la cookie firmada al usuario final cuando hay una discrepancia en la firma entre la cookie actual y la esperada. Exponer la firma de cookie correcta puede conducir a una mayor explotaci\u00f3n. La l\u00f3gica vulnerable de CookieSigner se introdujo en Apache Hive mediante HIVE-9710 (1.2.0) y en Apache Spark mediante SPARK-14987 (2.0.0). Los componentes afectados son los siguientes: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12"}], "lastModified": "2025-07-14T18:32:34.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:hive:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7E56F05-E8B7-42CC-9799-0C6D05D753A4", "versionEndExcluding": "4.0.0", "versionStartIncluding": "1.2.0"}, {"criteria": "cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "091392A9-D9B2-41B0-A042-6557DC6FBD88", "versionEndExcluding": "3.3.4", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9E27379-69D4-479F-97D6-257D8C67CDCB", "versionEndExcluding": "3.4.2", "versionStartIncluding": "3.4.0"}, {"criteria": "cpe:2.3:a:apache:spark:3.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D31C1C3-81A7-4E4D-99E2-CE431B252310"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}