Cross-Site Scripting Vulnerability in Apache Ranger's Policy Admin Tool
CVE-2015-0265

6.1MEDIUM

Key Information:

Vendor
Apache
Status
Ranger
Vendor
CVE Published:
11 April 2016

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the Policy Admin Tool of Apache Ranger before version 0.5.0. This vulnerability allows remote attackers to craft malicious HTTP requests with a specially constructed User-Agent header. By exploiting this security flaw, attackers can inject arbitrary web scripts or HTML, which may lead to unauthorized actions, data exfiltration, or the compromise of user sessions. Monitoring and patching is critical to safeguard your systems against such vulnerabilities.

References

https://mail-archives.apache.org/mod_mbox/ranger-dev/2015...
mailing-listx_refsource_MLIST
http://www.slideshare.net/wojdwo/big-problems-with-big-da...
x_refsource_MISC
https://cwiki.apache.org/confluence/display/RANGER/Vulner...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.