GitHub Advisory Database: GHSA-VHXC-8JJQ-859J
Oct 17, 2018 - 5:21 p.m.

Moderate severity vulnerability that affects org.apache.ranger:ranger

2018-10-17 17:21:44
GitHub Advisory Database
github.com

CVSS2: 4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001 Low
Percentile: 36.6%

In Apache Ranger before 0.6.2, users with the “keyadmin” role should not be allowed to change the password for users with the “admin” role.

Affected configurations

Node: org.apache.ranger, match: ranger

CPE name: org.apache.ranger:ranger
Operator: lt
Version: 0.6.2

