Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Apache Software Foundation Apache Ranger

Version 0.5.x

OTHER 4 CVEs

Known Vulnerabilities

CVE-2016-6815

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

UNKNOWN Published Oct 13, 2017

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.

UNKNOWN Published Jun 14, 2017

CVE-2017-7676

Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.

UNKNOWN Published Jun 14, 2017

CVE-2017-7677

In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.

UNKNOWN Published Jun 14, 2017