ranger-dev mailing list archives

From Velmurugan Periasamy <...@apache.org>
Subject CVE update (CVE-2015-5167 & CVE-2016-0733) - Fixed in Ranger 0.5.1
Date Fri, 05 Feb 2016 06:00:53 GMT
Hello:

Here's a CVE update for Ranger 0.5.1 release. Please see below details.

Thank you,
Velmurugan Periasamy

--------------------------------------------------------------------------
CVE-2015-5167: Restrict REST API data access for non-admin users
--------------------------------------------------------------------------
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: 0.4.0 and 0.5.0 version of Apache Ranger
Users affected: All users of ranger policy admin tool
Description: Data access restrictions via REST API are not consistent with
restrictions in policy admin UI.
Mitigation: Users should upgrade to Ranger 0.5.1 version
--------------------------------------------------------------------------
CVE-2016-0733: Ranger Admin authentication issue
--------------------------------------------------------------------------
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: 0.4.0 and 0.5.0 version of Apache Ranger
Users affected: All users of ranger policy admin tool
Description: Malicious Users can gain access to ranger admin UI without
proper authentication
Mitigation: Users should upgrade to Ranger 0.5.1 version
--------------------------------------------------------------------------


