Permission Checking Bypass

2017-06-0806:50:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

29.7%

JSON

ranger is vulnerable to permission checking bypass. The vulnerability exists because RangerHiveAuthorizer.java fails to check for RWX permissions when an external location is used to create hive tables.

CPENameOperatorVersion
rangerle0.7.0
hive security pluginle0.7.0

CPE	Name	Operator	Version
	ranger	le	0.7.0
	hive security plugin	le	0.7.0

References

seclists.org/oss-sec/2017/q2/432

www.securityfocus.com/bid/98961

cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

github.com/apache/ranger/compare/dffbad4af43018438faf00b156acf593ab47839c...2e193e124399cf685c17798b8243e1d62f223315

issues.apache.org/jira/browse/RANGER-1619

issues.apache.org/jira/browse/RANGER-1631

0.001 Low

EPSS

Percentile

29.7%

JSON

Related for VERACODE:4405