GHSA-6xhj-p29v-82j8

Suggest an improvement
Source
https://github.com/advisories/GHSA-6xhj-p29v-82j8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6xhj-p29v-82j8/GHSA-6xhj-p29v-82j8.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-6xhj-p29v-82j8
Aliases
Published
2022-05-13T01:53:29Z
Modified
2023-11-01T04:49:37.203617Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Apache Sentry may allow attacker to access/remove data from Sentry protected table
Details

An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.

Database specific
{
    "nvd_published_at": "2018-08-23T15:29:00Z",
    "github_reviewed_at": "2022-11-22T19:25:07Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Maven / org.apache.sentry:sentry

Package

Name
org.apache.sentry:sentry
View open source insights on deps.dev
Purl
pkg:maven/org.apache.sentry/sentry

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.1

Affected versions

1.*

1.7.0
1.7.1
1.8.0

2.*

2.0.0