apache/sentry: The latest CVE Vulnerabilities and Exploits for Penetration Test
apache/sentry Vulnerability Summary
- Vendor name: apache
- Product name: sentry
- Total vulnerabilities: 2 (as of 2023-05-04)
apache/sentry Vulnerability List
CVE-2018-8028: An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by…
Published: 2018-08-23T15:29:00
Last Modified: 2019-10-03T00:03:00
Summary
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-8028 vulnerability.
CVE-2016-0760: Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote…
Published: 2016-08-19T21:59:00
Last Modified: 2016-08-22T17:43:00
Summary
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
Common Weakness Enumeration (CWE): CWE-284: Improper Access Control
CWE Description: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2016-0760 vulnerability.
References
- http://www.securityfocus.com/bid/92328
- http://mail-archives.apache.org/mod_mbox/sentry-dev/201608.mbox/%3CCACMN7ixDqDyOZGLEvsMUVHBiJ6crq8zdy%2B2mNfRooNhnk7CJ1g%40mail.gmail.com%3E