CVE-2018-8028 – org.apache.sentry:sentry

Package

Manager: maven
Name: org.apache.sentry:sentry
Vulnerable Version: >=0 <2.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00137 pctl0.34244

Details

Apache Sentry may allow attacker to access/remove data from Sentry protected table An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.

Metadata

Created: 2022-05-13T01:53:29Z
Modified: 2022-11-22T19:25:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6xhj-p29v-82j8/GHSA-6xhj-p29v-82j8.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-6xhj-p29v-82j8
Finding: F039
Auto approve: 1