An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.
CPE | Name | Operator | Version |
---|---|---|---|
org.apache.sentry:sentry | eq | 2.0.0 | |
org.apache.sentry:sentry | eq | 1.7.1 | |
org.apache.sentry:sentry | eq | 1.7.0 | |
org.apache.sentry:sentry | eq | 1.8.0 |