MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmN3EteHFtMy02OTIz

Moderate EPSS: 0.00129% (0.33274 Percentile) EPSS:

Permalink JSON

Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML

Affected Packages	Affected Versions	Fixed Versions
maven:org.apache.ranger:ranger	< 0.6.1	0.6.1
0 Dependent packages 2 Dependent repositories Affected Version Ranges All affected versions 0.6.0 All unaffected versions 0.6.1, 0.6.2, 0.6.3, 0.7.0, 0.7.1, 1.0.0, 1.1.0, 1.2.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0, 2.6.0

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-5395
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
https://github.com/advisories/GHSA-rf7q-xqm3-6923
http://www.securityfocus.com/bid/92577

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmN3EteHFtMy02OTIz

Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API