CVE-2024-29869

ADVISORY - github

Summary

Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users are recommended to upgrade to version 4.0.1, which fixes this issue.

EPSS Score⁠: 0.00092 (0.262)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-732⁠

Incorrect Permission Assignment for Critical Resource

ADVISORY - github

CWE-732⁠

Incorrect Permission Assignment for Critical Resource

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-732⁠

Incorrect Permission Assignment for Critical Resource

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.