In Apache Ranger before 0.6.2, users with “keyadmin” role should not be allowed to change password for users with “admin” role.
[
{
"product": "Apache Ranger",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "0.5.x"
},
{
"status": "affected",
"version": "0.6.0"
},
{
"status": "affected",
"version": "0.6.1"
}
]
}
]