Stored XSS Vulnerability in Apache Ranger UI for Apache Software Foundation
CVE-2024-45478

4.8MEDIUM

Key Information:

Vendor: Apache
Status: Apache Ranger
Vendor: CVE Published:; 21 January 2025

Summary

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the Edit Service Page of the Apache Ranger user interface. This flaw allows malicious users to inject arbitrary web scripts into the vulnerable application, potentially compromising the security environment and exposing sensitive data. It is recommended for users operating Apache Ranger version 2.4.0 to upgrade to version 2.5.0 to address this vulnerability effectively. Detailed information can be found on the official Apache Ranger website.

Affected Version(s)

Apache Ranger 2.4.0 < 2.5.0

References

https://cwiki.apache.org/confluence/display/RANGER/Vulner...

vendor-advisory

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 21, 2025

Credit

Gyujin ([email protected])