Known Vulnerabilities
CVE-2016-8751
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
UNKNOWN
Published Jun 14, 2017
CVE-2016-8746
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
UNKNOWN
Published Jun 14, 2017