3 matches found
CVE-2017-7676
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character - like mytest, test.txt. This can result in unintended behavior...
CVE-2017-7676
Apache Ranger policy resource matching (before 0.7.1) ignores characters after the asterisk wildcard, e.g., mytest, test .txt, which can lead to unintended behavior and policy evaluation bypass risks. Affected versions: Ranger before 0.7.1. The issue is addressed in Ranger 0.7.1 (fixes to wildcar...
Apache Ranger 0.5.x / 0.6.x / 0.7.0 Policy Miss / Permission Check Vulnerability
Apache Ranger versions prior to 0.7.1 suffer from issues where policy evaluation ignores characters after the asterisk wildcard character and the Hive Authorizer fails to check for RWX permission when an external location is specified. Hello: Please find below details on CVEs fixed in Ranger 0.7....