Diksha created HIVE-27501:
-----------------------------
Summary: CVE-2022-45868: upgraded h2database version to 2.2.220
Key: HIVE-27501
URL: https://issues.apache.org/jira/browse/HIVE-27501
Project: Hive
Issue Type: Task
Reporter: Diksha
Assignee: Diksha
The web-based admin console in H2 Database Engine through 2.1.214 can be
started via the CLI with the argument -webAdminPassword, which allows the user
to specify the password in cleartext for the web admin console. Consequently, a
local user (or an attacker that has obtained local access through some means)
would be able to discover the password by listing processes and their
arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console
... Passwords should never be passed on the command line and every qualified
DBA or system administrator is expected to know that."
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
