Access Control Bypass in Apache Ranger Policy Admin Tool
CVE-2015-5167

6.5MEDIUM

Key Information:

Vendor
Apache
Status
Ranger
Vendor
CVE Published:
12 April 2016

Summary

The Policy Admin Tool in Apache Ranger versions prior to 0.5.1 is vulnerable to an access control bypass, allowing remote authenticated users to circumvent built-in access restrictions via its REST API. This vulnerability poses a significant risk as it could lead to unauthorized access to sensitive data and administrative functions, undermining the integrity and security of the system. Users are encouraged to upgrade to the latest version to mitigate this risk.

References

http://www.securityfocus.com/bid/82871
vdb-entryx_refsource_BID
https://mail-archives.apache.org/mod_mbox/ranger-dev/2016...
mailing-listx_refsource_MLIST
https://cwiki.apache.org/confluence/display/RANGER/Vulner...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.