Base Score

HIGH8.8

CVE-2018-8028

An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.

VectorNETWORK

Published Bysecurity@apache.org

Published DateAug 23, 2018, 15:29

Affected Versions(1)

org.apache.sentry:sentry(Maven)

Introduced0

Fixed2.0.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.sentry:sentry(Maven)	0	2.0.1	N/A

Weakness Type (CWE):CWE-862

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://cwiki.apache.org/confluence/display/SENTRY/Vulnerabilities+found+in+Apache+Sentry

Base Score

HIGH8.8

Weakness Type (CWE):CWE-862

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH