Ranger Security Vulnerabilities and Issues — Ranger CVE List

Lucene search

ApacheRanger

4 matches found

CVE•added 2019/08/08 6:15 p.m.•67 views

CVE-2019-12397

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.

6.1CVSS5.9AI score0.02085EPSS

CVE•added 2017/10/13 2:29 p.m.•62 views

CVE-2016-6815

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

6.5CVSS6.5AI score0.00495EPSS

CVE•added 2016/04/11 7:59 p.m.•44 views

CVE-2015-0265

Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.

6.1CVSS6AI score0.02013EPSS

CVE•added 2016/04/12 2:59 p.m.•37 views

CVE-2015-5167

The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.

6.5CVSS6.1AI score0.00167EPSS