ranger is vulnerable to permission checking bypass. The vulnerability exists because RangerHiveAuthorizer.java
fails to check for RWX permissions when an external location is used to create hive tables.
CPE | Name | Operator | Version |
---|---|---|---|
ranger | le | 0.7.0 | |
hive security plugin | le | 0.7.0 |
seclists.org/oss-sec/2017/q2/432
www.securityfocus.com/bid/98961
cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
github.com/apache/ranger/compare/dffbad4af43018438faf00b156acf593ab47839c...2e193e124399cf685c17798b8243e1d62f223315
issues.apache.org/jira/browse/RANGER-1619
issues.apache.org/jira/browse/RANGER-1631