Design/Logic Flaw

2016-04-1119:59:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.9%

JSON

The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.

CPENameOperatorVersion
rangerle0.4.0.

CPE	Name	Operator	Version
	ranger	le	0.4.0.

References

www.securityfocus.com/bid/76221

www.slideshare.net/wojdwo/big-problems-with-big-data-hadoop-interfaces-security

cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%[email protected]%3E