SSRF Vulnerability in Apache Ranger UI Version 2.4.0
CVE-2024-45479
9.1 CRITICAL
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in the Edit Service Page of the Apache Ranger UI, specifically in Apache Ranger Version 2.4.0. This flaw could allow an attacker to manipulate the server into making unintended requests, potentially gaining access to sensitive internal resources. To mitigate this risk, users are strongly advised to upgrade to Apache Ranger Version 2.5.0, where this issue has been addressed.
Affected Version(s)
Apache Ranger 2.4.0 < 2.5.0
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Credit
Gyujin