Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-8028 Vulnerability in maven package org.apache.sentry:sentry-binding-hive

Description

An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.

Remediation

References

https://cwiki.apache.org/confluence/display/SENTRY/Vulnerabilities+found+in+Apache+Sentry

Related Vulnerabilities

CVE-2020-7690 Vulnerability in maven package org.webjars.npm:jspdf

CVE-2022-23464 Vulnerability in maven package com.nepxion:discovery-plugin-admin-center

CVE-2017-14949 Vulnerability in maven package org.restlet.osgi:org.restlet

CVE-2022-0671 Vulnerability in maven package org.eclipse.lemminx:lemminx-parent

CVE-2020-7634 Vulnerability in npm package heroku-addonpool

Severity

Critical

Classification

CWE-862 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory