Access Control Bypass in Apache Ranger's Policy Admin Tool
CVE-2015-0266

7.1HIGH

Key Information:

Vendor

Apache
Status
Ranger
Vendor
CVE Published:
11 April 2016

What is CVE-2015-0266?

The Policy Admin Tool in Apache Ranger prior to version 0.5.0 contains a vulnerability that permits remote authenticated users to circumvent intended access restrictions. This flaw is due to inadequate checks on module URLs, enabling unauthorized actions that could compromise system security. It's crucial for users to update to the latest version to mitigate this vulnerability effectively.

References

https://mail-archives.apache.org/mod_mbox/ranger-dev/2015...
mailing-listx_refsource_MLIST
http://www.slideshare.net/wojdwo/big-problems-with-big-da...
x_refsource_MISC
http://www.securityfocus.com/bid/76221
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.