Stored Cross-Site Scripting Vulnerability in Apache Ranger
CVE-2016-8751

4.8MEDIUM

Key Information:

Vendor: Apache
Status: Apache Ranger
Vendor: CVE Published:; 14 June 2017

Summary

Apache Ranger versions prior to 0.6.3 are susceptible to a stored cross-site scripting (XSS) vulnerability. This flaw allows admin users to input and store arbitrary JavaScript within custom policy conditions. When regular users log in and interact with the policies, the injected script could execute, potentially compromising user sessions and sensitive information. Addressing this issue is crucial to ensuring the security and integrity of the application.

Affected Version(s)

Apache Ranger 0.5.x

Apache Ranger 0.6.0 - 0.6.2

References

http://www.securityfocus.com/bid/99067

vdb-entryx_refsource_BID

https://cwiki.apache.org/confluence/display/RANGER/Vulner...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 14, 2017
Vulnerability Reserved
Oct 18, 2016