CVE-2015-5167
MEDIUMApache Ranger < 0.5.1 - Authenticated Access Control Bypass via REST API
Title source: llmDescription
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/82871
Various Sources mailing-list
x_refsource_mlist
https://mail-archives.apache.org/mod_mbox/ranger-dev/201602.mbox/%3CD2D9A4C5.114ECA%25vel%40apache.org%3E
Vendor Advisory x_refsource_confirm
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
Scores
CVSS v3
6.5
EPSS
0.0016
EPSS Percentile
36.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-264
Status
published
Products (2)
apache/ranger
< 0.5.0
org.apache.ranger/ranger
0 - 0.5.1Maven
Published
Apr 12, 2016
Tracked Since
Feb 18, 2026