GHSA-6xhj-p29v-82j8

Source

https://github.com/advisories/GHSA-6xhj-p29v-82j8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6xhj-p29v-82j8/GHSA-6xhj-p29v-82j8.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-6xhj-p29v-82j8

Aliases

CVE-2018-8028

Published

2022-05-13T01:53:29Z

Modified

2023-11-01T04:49:37.203617Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Apache Sentry may allow attacker to access/remove data from Sentry protected table

Details

An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.

Database specific

{
    "nvd_published_at": "2018-08-23T15:29:00Z",
    "cwe_ids": [
        "CWE-862"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-22T19:25:07Z"
}

References

Affected packages

Maven / org.apache.sentry:sentry

Package

Name: org.apache.sentry:sentry; View open source insights on deps.dev
Purl: pkg:maven/org.apache.sentry/sentry

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.1

Affected versions

1.*

1.7.0

1.7.1

1.8.0

2.*

2.0.0