CVE-2015-0266

HIGH

Apache Ranger < 0.5.0 - Authenticated Access Control Bypass via Direct Module URL Access

Description

The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.

Scores

CVSS v3 7.1
EPSS 0.0011
EPSS Percentile 29.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Details

CWE
CWE-264
Status published
Products (2)
apache/ranger < 0.4.0.
org.apache.ranger/ranger 0 - 0.5.0 (Maven)
Published Apr 11, 2016
Tracked Since Feb 18, 2026