Access Control Bypass in Apache Ranger's Policy Admin Tool
CVE-2015-0266

7.1 HIGH

Key Information:

Vendor
Apache
Status
Vendor
CVE Published: 11 April 2016

Summary

The Policy Admin Tool in Apache Ranger prior to version 0.5.0 contains a vulnerability that permits remote authenticated users to circumvent intended access restrictions. The flaw is due to inadequate checks on module URLs, enabling unauthorized actions that could compromise system security. Users should update to the latest version to mitigate this vulnerability.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
