VYPR
High severity · NVD Advisory · Published Aug 23, 2018 · Updated Aug 5, 2024

CVE-2018-8028

Description

Apache Sentry before 2.0.1 fails to authorize ALTER TABLE EXCHANGE PARTITIONS, allowing authenticated users to access or delete partitioned data without permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

In Apache Sentry versions prior to 2.0.1, the authorization check for the ALTER TABLE EXCHANGE PARTITIONS command is missing. This allows an authenticated user to execute this command on tables that are protected by Sentry without being properly authorized [1]. The bug affects all releases before 2.0.1.

Exploitation

An attacker must have valid authentication credentials for the Hive or Sentry system. No additional privileges or special network position are required beyond being an authenticated user. The attacker can simply execute ALTER TABLE table_name EXCHANGE PARTITION (partition_spec) WITH TABLE other_table on a Sentry-protected table, and Sentry will not check whether the user is authorized to perform that operation [2].

Impact

Successful exploitation allows the attacker to gain unauthorized access to partitioned data that they should not be able to see (information disclosure) and to remove data from a Sentry-protected table (data loss or integrity violation). The attacker may access or delete partitions of any table that Sentry is supposed to protect [3].

Mitigation

The vulnerability is fixed in Apache Sentry version 2.0.1 [3]. Users should upgrade to this version or later. There is no workaround documented. If upgrading is not possible, consider restricting access to the ALTER TABLE EXCHANGE PARTITIONS command at the Hive level or applying access controls outside of Sentry.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
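
As a detection aid for deployments that cannot upgrade immediately, the following added example (not part of the advisory or of Apache Sentry) scans query-log lines for EXCHANGE PARTITION statements and flags those that touch a table the issuing user has no grant on. The log layout, the `GRANTS` table and all sample lines are constructed assumptions; adapt the parsing to your own HiveServer2 audit format.

```python
import re

# Matches: ALTER TABLE <dest> EXCHANGE PARTITION (<spec>) WITH TABLE <src>
EXCHANGE_RE = re.compile(
    r"ALTER\s+TABLE\s+(?P<dest>[`\w.]+)\s+EXCHANGE\s+PARTITION\s*"
    r"\((?P<spec>[^)]*)\)\s*WITH\s+TABLE\s+(?P<src>[`\w.]+)",
    re.IGNORECASE,
)
# Constructed log layout (assumption): "<timestamp> user=<name> query=<sql>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+query=(?P<sql>.*)$")

# Hypothetical grant table: user -> tables the user is entitled to modify.
GRANTS = {
    "etl_svc": {"sales.orders", "sales.orders_archive"},
    "analyst1": {"scratch.analyst1_tmp"},
}

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
2018-08-01T10:00:01Z user=etl_svc query=ALTER TABLE sales.orders_archive EXCHANGE PARTITION (dt='2018-07-01') WITH TABLE sales.orders
2018-08-01T10:05:42Z user=analyst1 query=alter table scratch.analyst1_tmp exchange partition (dt='2018-07-02') with table `sales`.`orders`
2018-08-01T10:06:10Z user=analyst1 query=SELECT count(*) FROM scratch.analyst1_tmp
"""

def normalize(name):
    """Strip backticks and lowercase so `Sales`.`Orders` equals sales.orders."""
    return name.replace("`", "").lower()

def find_unauthorized_exchanges(log_text, grants):
    """Return one finding per EXCHANGE PARTITION touching an ungranted table."""
    findings = []
    for line in log_text.splitlines():
        entry = LINE_RE.match(line)
        if not entry:
            continue
        stmt = EXCHANGE_RE.search(entry["sql"])
        if not stmt:
            continue
        tables = {normalize(stmt["dest"]), normalize(stmt["src"])}
        missing = sorted(tables - grants.get(entry["user"], set()))
        if missing:
            findings.append({"ts": entry["ts"], "user": entry["user"],
                             "partition": stmt["spec"].strip(), "ungranted": missing})
    return findings

if __name__ == "__main__":
    for f in find_unauthorized_exchanges(SAMPLE_LOG, GRANTS):
        print(f)
```

Both the table named after ALTER TABLE and the one after WITH TABLE are checked, because the statement moves partition data between them and a missing grant on either side is worth reviewing.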

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.apache.sentry:sentry (Maven) | < 2.0.1 | 2.0.1

References

3
