Описание
Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-0266
- https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
- https://mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%25vel%40apache.org%3E
- https://mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%25vel@apache.org%3E
- https://web.archive.org/web/20200228073944/http://www.securityfocus.com/bid/76221
- http://www.slideshare.net/wojdwo/big-problems-with-big-data-hadoop-interfaces-security
Пакеты
Наименование
org.apache.ranger:ranger
maven
Затронутые версииВерсия исправления
< 0.5.0
0.5.0
Связанные уязвимости
CVSS3: 7.1
nvd
почти 10 лет назад
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.