24 matches found
EUVD-2016-0779
Malware in sbrugna...
EUVD-2022-2877
Malicious code in bioql PyPI...
PT-2025-29290 · Apache · Apache Sentry
Name of the Vulnerable Software and Affected Versions: Apache Sentry (affected versions not specified). Description: An authenticated user enrolled device may access a service protected by Sentry even if they are not authorized according to the Sentry policy to access that service. This does not...
GHSA-6XHJ-P29V-82J8 Apache Sentry may allow attacker to access/remove data from Sentry protected table
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table...
Apache Sentry may allow attacker to access/remove data from Sentry protected table
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table...
CVE-2021-28131
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
CVE-2021-28131
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
Authorization
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
CVE-2021-28131 Impala logs contain secrets
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
CVE-2021-28131
CVE-2021-28131 (Impala): The vulnerability arises because a 16-byte session secret is logged, enabling an authenticated user to hijack another user’s session and execute statements with privileges not held. Affected deployments with Apache Sentry, Apache Ranger, or audit logging may face privileg...
CVE-2021-28131
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...
Authorization
In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique an...
Unauthorized Modification
Apache Sentry is vulnerable to unauthorized modification attacks. An unauthorized user could execute ALTER TABLE EXCHANGE PARTITIONS which may allow an attacker to access unauthorized partitioned data of a Sentry protected table and to remove data from a Sentry protected table...
Apache Sentry Unauthorized Access Vulnerability
Apache Sentry is an open source component for use in Hadoop clusters. An unauthorized access vulnerability exists in Apache Sentry, which allows remote attackers to submit a special request to delete partitioned data from a table protected by Sentry...
CVE-2018-8028
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table...
CVE-2018-8028
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table...
Code injection
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table...
CVE-2018-8028
An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table...
CVE-2018-8028
Summary (CVE-2018-8028): An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without authorization in Apache Sentry prior to version 2.0.1, potentially exposing and removing data from a Sentry-protected partitioned table. The issue is tied to insufficient access control around part...
CVE-2016-0760
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions...