| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.hive:hive-exec | maven | < 4.0.1 | 4.0.1 |

The vulnerability stems from insecure file permission handling when writing credentials. The commit diff shows that the vulnerable code path called `Credentials.writeTokenStorageFile()` without permission controls, while the fix sets permissions explicitly via `createFile().permission()`. Before the patch, the credentials file was created with default permissions in the constructor of `SecureCmdDoAs`.
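
The difference between default and explicit permissions at file creation, as an added example that is not code from Hive or from the patch: it uses `java.nio.file` on a POSIX file system rather than the Hadoop `FileSystem` API, and the class name, file names and token bytes are constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Set;

public class TokenFilePermissions {
    // Constructed placeholder standing in for serialized delegation tokens.
    static final byte[] TOKEN_BYTES =
        "constructed-token-bytes".getBytes(StandardCharsets.UTF_8);

    // Weak pattern: the mode is whatever the process umask allows
    // (commonly rw-r--r--), so other local users may be able to read the file.
    static Path writeWithDefaults(Path dir) throws IOException {
        Path p = dir.resolve("tokens-default");
        Files.write(p, TOKEN_BYTES, StandardOpenOption.CREATE_NEW);
        return p;
    }

    // Hardened pattern: request rw------- at creation time, so the file never
    // exists with broader permissions, then write the secret into it.
    static Path writeOwnerOnly(Path dir) throws IOException {
        Path p = dir.resolve("tokens-owner-only");
        Set<PosixFilePermission> ownerOnly =
            PosixFilePermissions.fromString("rw-------");
        Files.createFile(p, PosixFilePermissions.asFileAttribute(ownerOnly));
        Files.write(p, TOKEN_BYTES, StandardOpenOption.WRITE);
        return p;
    }

    // Audit helper: true if group or others hold any permission on the file.
    static boolean exposedToOthers(Path p) throws IOException {
        for (PosixFilePermission perm : Files.getPosixFilePermissions(p)) {
            if (!perm.name().startsWith("OWNER_")) return true;
        }
        return false;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("token-demo");
        Path weak = writeWithDefaults(dir);
        Path strong = writeOwnerOnly(dir);
        System.out.println(weak + " exposed=" + exposedToOthers(weak));
        System.out.println(strong + " exposed=" + exposedToOthers(strong));
    }
}
```

The result for the first file depends on the umask of the process that runs it, which is the point: the weak pattern leaves the outcome to the environment.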