PT-2018-18393 · Apache · Apache Sentry

Published

2018-08-23

Updated

2022-05-13

CVE-2018-8028

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Apache Sentry versions prior to 2.0.1

Description: The issue allows an authenticated user to execute ALTER TABLE EXCHANGE PARTITIONS without proper authorization. This can lead to unauthorized access to partitioned data in a Sentry protected table and potentially allow an attacker to remove data from the table.

Recommendations: For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2018-8028

GHSA-6XHJ-P29V-82J8

Affected Products

Apache Sentry

PT-2018-18393 · Apache · Apache Sentry

CVE-2018-8028

Weakness Enumeration

Related Identifiers

Affected Products

References · 5