Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmN3EteHFtMy02OTIz
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
Permalink: https://github.com/advisories/GHSA-rf7q-xqm3-6923
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmN3EteHFtMy02OTIz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago
CVSS Score: 4.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-rf7q-xqm3-6923, CVE-2016-5395
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-5395
- https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
- https://github.com/advisories/GHSA-rf7q-xqm3-6923
- http://www.securityfocus.com/bid/92577
Affected Packages
maven:org.apache.ranger:ranger
Dependent packages: 0
Dependent repositories: 2
Downloads:
Affected Version Ranges: < 0.6.1
Fixed in: 0.6.1
All affected versions: 0.6.0
All unaffected versions: 0.6.1, 0.6.2, 0.6.3, 0.7.0, 0.7.1, 1.0.0, 1.1.0, 1.2.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0