An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.
[
{
"product": "Apache Sentry",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Sentry 2.0.0"
}
]
}
]