Vulnerabilities > Apache > Ranger

DATE CVE VULNERABILITY TITLE RISK
2023-05-05 CVE-2021-40331 Unspecified vulnerability in Apache Ranger
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin.
network
low complexity
apache
8.1
2023-05-05 CVE-2022-45048 Unspecified vulnerability in Apache Ranger 2.3.0
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0.
network
low complexity
apache
8.8
2019-08-08 CVE-2019-12397 Cross-site Scripting vulnerability in Apache Ranger
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue.
network
low complexity
apache CWE-79
6.1
2018-10-05 CVE-2018-11778 Out-of-bounds Write vulnerability in Apache Ranger
UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow.
network
low complexity
apache CWE-787
8.8
2017-10-13 CVE-2016-6815 Credentials Management vulnerability in Apache Ranger
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
network
low complexity
apache CWE-255
6.5
2017-06-14 CVE-2017-7677 Missing Authorization vulnerability in Apache Ranger
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
network
high complexity
apache CWE-862
5.9
2017-06-14 CVE-2017-7676 Improper Input Validation vulnerability in Apache Ranger
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt.
network
low complexity
apache CWE-20
critical
9.8
2017-06-14 CVE-2016-8751 Cross-site Scripting vulnerability in Apache Ranger
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions.
network
low complexity
apache CWE-79
4.8
2017-06-14 CVE-2016-8746 Untrusted Search Path vulnerability in Apache Ranger
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
network
high complexity
apache CWE-426
5.9
2016-09-26 CVE-2016-5395 Cross-site Scripting vulnerability in Apache Ranger
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
network
low complexity
apache CWE-79
4.8