Ranger Security Vulnerabilities and Issues — Ranger CVE List

Lucene search

ApacheRanger

4 matches found

CVE•added 2018/10/05 7:29 p.m.•61 views

CVE-2018-11778

UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0

8.8CVSS8.7AI score0.01015EPSS

CVE•added 2023/05/05 8:15 a.m.•54 views

CVE-2022-45048

Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.

8.8CVSS8.9AI score0.00031EPSS

CVE•added 2016/04/11 7:59 p.m.•35 views

CVE-2016-0735

Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.

8.8CVSS8.3AI score0.00145EPSS

CVE•added 2023/05/05 8:15 a.m.•30 views

CVE-2021-40331

An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabledThis issue affects Apache Ranger Hive Plugin: from 2....

8.1CVSS8.1AI score0.0009EPSS