Описание
Apache Ranger allows users to bypass intended access restrictions via the REST API
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-5167
- https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
- https://mail-archives.apache.org/mod_mbox/ranger-dev/201602.mbox/%3CD2D9A4C5.114ECA%25vel%40apache.org%3E
- https://mail-archives.apache.org/mod_mbox/ranger-dev/201602.mbox/%3CD2D9A4C5.114ECA%25vel@apache.org%3E
- https://web.archive.org/web/20200501000000*/http://www.securityfocus.com/bid/82871
Пакеты
Наименование
org.apache.ranger:ranger
maven
Затронутые версииВерсия исправления
< 0.5.1
0.5.1
Связанные уязвимости
CVSS3: 6.5
nvd
почти 10 лет назад
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.