CVE-2024-23945

Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation. The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following:
* org.apache.hive:hive-service
* org.apache.spark:spark-hive-thriftserver_2.11
* org.apache.spark:spark-hive-thriftserver_2.12

Signing cookies es una característica de seguridad de la aplicación que agrega una firma digital a los datos de las cookies para verificar su autenticidad e integridad. La firma ayuda a evitar que actores malintencionados modifiquen el valor de la cookie, lo que puede provocar vulnerabilidades de seguridad y explotación. El componente de servicio de Apache Hive expone accidentalmente la cookie firmada al usuario final cuando hay una discrepancia en la firma entre la cookie actual y la esperada. Exponer la firma de cookie correcta puede conducir a una mayor explotación. La lógica vulnerable de CookieSigner se introdujo en Apache Hive mediante HIVE-9710 (1.2.0) y en Apache Spark mediante SPARK-14987 (2.0.0). Los componentes afectados son los siguientes: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation. The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12

*Credits: Kostya Kortchinsky, Hamza Tahmi

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-01-24 CVE Reserved
2024-12-23 CVE Published
2024-12-24 EPSS Updated
2025-02-18 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-209: Generation of Error Message Containing Sensitive Information

CAPEC

References (9)

URL	Tag	Source
https://github.com/apache/hive	Product
https://github.com/apache/spark	Product
https://issues.apache.org/jira/browse/HIVE-9710
https://issues.apache.org/jira/browse/SPARK-14987
http://www.openwall.com/lists/oss-security/2024/12/23/2

URL	Date	SRC

URL	Date	SRC
https://github.com/apache/hive/commit/7638cb1a3b07713cc490aa2909a37037f89e08b4	2024-12-24
https://github.com/apache/spark/commit/cf59b1f51c16301f689b4e0f17ba4dbd140e1b19	2024-12-24

URL	Date	SRC
https://lists.apache.org/thread/59r4mv7glrxpwkkdjvjbdljfpx3f5zzc	2024-12-24
https://lists.apache.org/thread/5o2ljnzrv8zvhjw9vy7b4rwjpc32hgfc	2024-12-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Software Foundation Search vendor "Apache Software Foundation"		Apache Hive Search vendor "Apache Software Foundation" for product "Apache Hive"				>= 1.2.0 < 4.0.0 Search vendor "Apache Software Foundation" for product "Apache Hive" and version " >= 1.2.0 < 4.0.0"		en		Affected
Apache Software Foundation Search vendor "Apache Software Foundation"		Apache Spark Search vendor "Apache Software Foundation" for product "Apache Spark"				>= 2.0.0 < 3.0.0 Search vendor "Apache Software Foundation" for product "Apache Spark" and version " >= 2.0.0 < 3.0.0"		en		Affected
Apache Software Foundation Search vendor "Apache Software Foundation"		Apache Spark Search vendor "Apache Software Foundation" for product "Apache Spark"				>= 3.0.0 < 3.3.4 Search vendor "Apache Software Foundation" for product "Apache Spark" and version " >= 3.0.0 < 3.3.4"		en		Affected
Apache Software Foundation Search vendor "Apache Software Foundation"		Apache Spark Search vendor "Apache Software Foundation" for product "Apache Spark"				>= 3.4.0 < 3.4.2 Search vendor "Apache Software Foundation" for product "Apache Spark" and version " >= 3.4.0 < 3.4.2"		en		Affected