Vulnerability	Vulnerable Version
M Incorrect Permission Assignment for Critical Resource org.apache.hive:hive-exec is a package for reading, writing, and managing large datasets residing in distributed storage using SQL. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the default creation of a credentials file with permissions set to 644 in a temporary directory. An attacker that has access to the temporary directory in the file system can read sensitive information by accessing this directory. How to fix Incorrect Permission Assignment for Critical Resource? Upgrade `org.apache.hive:hive-exec` to version 4.0.1 or higher.	[,4.0.1)

Incorrect Permission Assignment for Critical Resource

org.apache.hive:hive-exec is a package for reading, writing, and managing large datasets residing in distributed storage using SQL.

Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the default creation of a credentials file with permissions set to 644 in a temporary directory. An attacker that has access to the temporary directory in the file system can read sensitive information by accessing this directory.

How to fix Incorrect Permission Assignment for Critical Resource?

Upgrade org.apache.hive:hive-exec to version 4.0.1 or higher.

[,4.0.1)

Go back to all versions of this package