Описание
Apache Ranger Access Restriction Bypass
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.
Пакеты
Наименование
org.apache.ranger:ranger
maven
Затронутые версииВерсия исправления
>= 0.5.0, < 0.5.2
0.5.2
Связанные уязвимости
CVSS3: 8.8
nvd
больше 9 лет назад
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.