Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh2N3gteDZ3ci14eDdn

Apache Ranger policy engine incorrectly matches paths in certain conditions

The policy engine in Apache Ranger before 0.6.3 incorrectly matches paths in certain conditions when a policy does not contain wildcards and has the recursion flag set to true.

Permalink: https://github.com/advisories/GHSA-xv7x-x6wr-xx7g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh2N3gteDZ3ci14eDdn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: 5 months ago


CVSS Score: 5.9
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Identifiers: GHSA-xv7x-x6wr-xx7g, CVE-2016-8746
References: Repository: https://github.com/apache/ranger
Blast Radius: 14.6

Affected Packages

maven:org.apache.ranger:ranger-plugins-common
Dependent packages: 60
Dependent repositories: 294
Affected Version Ranges: < 0.6.3
Fixed in: 0.6.3
All affected versions: 0.6.0, 0.6.1, 0.6.2
All unaffected versions: 0.6.3, 0.7.0, 0.7.1, 1.0.0, 1.1.0, 1.2.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0