Lucene search
ApacheCVE-2022-45048HistoryMay 05, 2023 - 8:15 a.m.
CVE-2022-45048
2023-05-0508:15:09
CWE-74
apache
web.nvd.nist.gov
30
cve-2022-45048
apache ranger
code execution
vulnerability
update
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
36.9%
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability.Β This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.
Affected configurations
Node
apacherangerMatch2.3.0
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.3.0"
}
]
}
]Related
osv
osv
CVE-2022-45048
2023-05-05 08:15:09
Apache Ranger code execution vulnerability in policy expressions
2023-07-06 21:14:54
nvd
nvd
CVE-2022-45048
2023-05-05 08:15:09
prion
prion
Remote code execution
2023-05-05 08:15:00
github
github
Apache Ranger code execution vulnerability in policy expressions
2023-07-06 21:14:54
cvelist
cvelist
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
36.9%
Related for CVE-2022-45048