Vulnerabilites related to Apache Software Foundation - Apache Ranger
cve-2016-8751
Vulnerability from cvelistv5
Published
2017-06-14 17:00
Modified
2024-08-06 02:35
Severity ?
EPSS score ?
Summary
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/99067 | vdb-entry, x_refsource_BID | |
| https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ranger |
Version: 0.5.x Version: 0.6.0 - 0.6.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:00.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99067",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99067"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.5.x"
},
{
"status": "affected",
"version": "0.6.0 - 0.6.2"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-20T19:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "99067",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99067"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-8751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Ranger",
"version": {
"version_data": [
{
"version_value": "0.5.x"
},
{
"version_value": "0.6.0 - 0.6.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99067"
},
{
"name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2016-8751",
"datePublished": "2017-06-14T17:00:00",
"dateReserved": "2016-10-18T00:00:00",
"dateUpdated": "2024-08-06T02:35:00.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45478
Vulnerability from cvelistv5
Published
2025-01-21 21:25
Modified
2025-01-22 18:52
Severity ?
EPSS score ?
Summary
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.
Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ranger |
Version: 2.4.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-21T22:02:48.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/21/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T18:43:51.825307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T18:52:12.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gyujin (biz@web-us.kr)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.\u003cbr\u003eUsers are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue."
}
],
"value": "Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.\nUsers are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:25:58.276Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-45478",
"datePublished": "2025-01-21T21:25:58.276Z",
"dateReserved": "2024-08-29T14:30:58.496Z",
"dateUpdated": "2025-01-22T18:52:12.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11778
Vulnerability from cvelistv5
Published
2018-10-05 19:00
Modified
2024-09-17 03:18
Severity ?
EPSS score ?
Summary
UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger | x_refsource_CONFIRM | |
| https://seclists.org/oss-sec/2018/q4/11 | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c%40%3Cdev.ranger.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998%40%3Cdev.ranger.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ranger |
Version: prior to 1.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
},
{
"name": "[oss-security] 20181004 CVE update - fixed in Apache Ranger 1.2.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2018/q4/11"
},
{
"name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998%40%3Cdev.ranger.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "prior to 1.2.0"
}
]
}
],
"datePublic": "2018-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T15:06:15",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
},
{
"name": "[oss-security] 20181004 CVE update - fixed in Apache Ranger 1.2.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://seclists.org/oss-sec/2018/q4/11"
},
{
"name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998%40%3Cdev.ranger.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-10-04T00:00:00",
"ID": "CVE-2018-11778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Ranger",
"version": {
"version_data": [
{
"version_value": "prior to 1.2.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
},
{
"name": "[oss-security] 20181004 CVE update - fixed in Apache Ranger 1.2.0",
"refsource": "MLIST",
"url": "https://seclists.org/oss-sec/2018/q4/11"
},
{
"name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998@%3Cdev.ranger.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11778",
"datePublished": "2018-10-05T19:00:00Z",
"dateReserved": "2018-06-05T00:00:00",
"dateUpdated": "2024-09-17T03:18:51.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7677
Vulnerability from cvelistv5
Published
2017-06-14 17:00
Modified
2024-08-05 16:12
Severity ?
EPSS score ?
Summary
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98961 | vdb-entry, x_refsource_BID | |
| https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ranger |
Version: 0.5.x Version: 0.6.x Version: 0.7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98961",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.5.x"
},
{
"status": "affected",
"version": "0.6.x"
},
{
"status": "affected",
"version": "0.7.0"
}
]
}
],
"datePublic": "2017-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-15T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "98961",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-7677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Ranger",
"version": {
"version_data": [
{
"version_value": "0.5.x"
},
{
"version_value": "0.6.x"
},
{
"version_value": "0.7.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98961"
},
{
"name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-7677",
"datePublished": "2017-06-14T17:00:00",
"dateReserved": "2017-04-11T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45479
Vulnerability from cvelistv5
Published
2025-01-21 21:26
Modified
2025-01-27 21:06
Severity ?
EPSS score ?
Summary
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.
Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ranger |
Version: 2.4.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-21T22:02:49.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/21/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:43:56.539586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T21:06:38.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gyujin (biz@web-us.kr)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.\u003cbr\u003eUsers are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue."
}
],
"value": "SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.\nUsers are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T21:26:16.500Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-45479",
"datePublished": "2025-01-21T21:26:16.500Z",
"dateReserved": "2024-08-29T14:51:06.723Z",
"dateUpdated": "2025-01-27T21:06:38.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6815
Vulnerability from cvelistv5
Published
2017-10-13 14:00
Modified
2024-09-17 04:14
Severity ?
EPSS score ?
Summary
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94221 | vdb-entry, x_refsource_BID | |
| https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ranger |
Version: 0.5.x Version: 0.6.0 Version: 0.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.5.x"
},
{
"status": "affected",
"version": "0.6.0"
},
{
"status": "affected",
"version": "0.6.1"
}
]
}
],
"datePublic": "2016-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Ranger before 0.6.2, users with \"keyadmin\" role should not be allowed to change password for users with \"admin\" role."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-14T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "94221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2016-11-06T00:00:00",
"ID": "CVE-2016-6815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Ranger",
"version": {
"version_data": [
{
"version_value": "0.5.x"
},
{
"version_value": "0.6.0"
},
{
"version_value": "0.6.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Ranger before 0.6.2, users with \"keyadmin\" role should not be allowed to change password for users with \"admin\" role."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94221"
},
{
"name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2016-6815",
"datePublished": "2017-10-13T14:00:00Z",
"dateReserved": "2016-08-12T00:00:00",
"dateUpdated": "2024-09-17T04:14:03.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12397
Vulnerability from cvelistv5
Published
2019-08-08 17:06
Modified
2024-08-04 23:17
Severity ?
EPSS score ?
Summary
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2019/08/08/1 | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/ab2de1adad96f5dbd19d976b28715dfc60dbe75e82a74f48be8ef695%40%3Cdev.ranger.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/cbc6346708ef2b9ffb2555637311bf6294923c609c029389fa39de8f%40%3Cdev.ranger.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c%40%3Cdev.ranger.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998%40%3Cdev.ranger.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ranger |
Version: 0.7.0 to 1.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:40.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
},
{
"name": "[oss-security] 20190808 CVE update - fixed in Apache Ranger 2.0.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/08/1"
},
{
"name": "[ranger-dev] 20191229 [jira] [Created] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ab2de1adad96f5dbd19d976b28715dfc60dbe75e82a74f48be8ef695%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20191229 [jira] [Updated] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/cbc6346708ef2b9ffb2555637311bf6294923c609c029389fa39de8f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998%40%3Cdev.ranger.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.7.0 to 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T15:06:15",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
},
{
"name": "[oss-security] 20190808 CVE update - fixed in Apache Ranger 2.0.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/08/1"
},
{
"name": "[ranger-dev] 20191229 [jira] [Created] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ab2de1adad96f5dbd19d976b28715dfc60dbe75e82a74f48be8ef695%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20191229 [jira] [Updated] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/cbc6346708ef2b9ffb2555637311bf6294923c609c029389fa39de8f%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998%40%3Cdev.ranger.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-12397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Ranger",
"version": {
"version_data": [
{
"version_value": "0.7.0 to 1.2.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
},
{
"name": "[oss-security] 20190808 CVE update - fixed in Apache Ranger 2.0.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/08/1"
},
{
"name": "[ranger-dev] 20191229 [jira] [Created] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ab2de1adad96f5dbd19d976b28715dfc60dbe75e82a74f48be8ef695@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20191229 [jira] [Updated] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/cbc6346708ef2b9ffb2555637311bf6294923c609c029389fa39de8f@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998@%3Cdev.ranger.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-12397",
"datePublished": "2019-08-08T17:06:43",
"dateReserved": "2019-05-28T00:00:00",
"dateUpdated": "2024-08-04T23:17:40.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-45048
Vulnerability from cvelistv5
Published
2023-05-05 07:50
Modified
2024-10-15 18:12
Severity ?
EPSS score ?
Summary
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/6rpzwy1smdhr60tsh1ydknn3kdm45bb6 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ranger |
Version: 2.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/6rpzwy1smdhr60tsh1ydknn3kdm45bb6"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:ranger:2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ranger",
"vendor": "apache",
"versions": [
{
"status": "affected",
"version": "2.3.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:11:38.936548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:12:43.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.3.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "g1831767442@163.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability.\u0026nbsp;This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability.\u00a0This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-05T07:50:25.762Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/6rpzwy1smdhr60tsh1ydknn3kdm45bb6"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Ranger: code execution vulnerability in policy expressions",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-45048",
"datePublished": "2023-05-05T07:50:25.762Z",
"dateReserved": "2022-11-08T10:32:53.853Z",
"dateUpdated": "2024-10-15T18:12:43.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7676
Vulnerability from cvelistv5
Published
2017-06-14 17:00
Modified
2024-08-05 16:12
Severity ?
EPSS score ?
Summary
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98958 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ranger |
Version: 0.5.x Version: 0.6.x Version: 0.7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
},
{
"name": "98958",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98958"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.5.x"
},
{
"status": "affected",
"version": "0.6.x"
},
{
"status": "affected",
"version": "0.7.0"
}
]
}
],
"datePublic": "2017-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after \u0027*\u0027 wildcard character - like my*test, test*.txt. This can result in unintended behavior."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-15T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
},
{
"name": "98958",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98958"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-7676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Ranger",
"version": {
"version_data": [
{
"version_value": "0.5.x"
},
{
"version_value": "0.6.x"
},
{
"version_value": "0.7.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after \u0027*\u0027 wildcard character - like my*test, test*.txt. This can result in unintended behavior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
},
{
"name": "98958",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98958"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-7676",
"datePublished": "2017-06-14T17:00:00",
"dateReserved": "2017-04-11T00:00:00",
"dateUpdated": "2024-08-05T16:12:27.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-8746
Vulnerability from cvelistv5
Published
2017-06-14 17:00
Modified
2024-08-06 02:34
Severity ?
EPSS score ?
Summary
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95998 | vdb-entry, x_refsource_BID | |
| https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Ranger |
Version: 0.6.0 - 0.6.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:34:59.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95998",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95998"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.6.0 - 0.6.2"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-15T09:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "95998",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95998"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-8746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Ranger",
"version": {
"version_data": [
{
"version_value": "0.6.0 - 0.6.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95998"
},
{
"name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2016-8746",
"datePublished": "2017-06-14T17:00:00",
"dateReserved": "2016-10-18T00:00:00",
"dateUpdated": "2024-08-06T02:34:59.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}