CVE-2018-8028: Missing Authorization

August 23, 2018 (updated October 3, 2019)

An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.

References

nvd.nist.gov/vuln/detail/CVE-2018-8028

Code Behaviors & Features

Detect and mitigate CVE-2018-8028 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →