CVE-2016-8746 – org.apache.ranger:ranger-plugins-common

Package

Manager: maven
Name: org.apache.ranger:ranger-plugins-common
Vulnerable Version: >=0 <0.6.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00538 pctl0.66579

Details

Apache Ranger policy engine incorrectly matches paths in certain conditions Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.

Metadata

Created: 2018-10-17T17:22:05Z
Modified: 2023-11-21T11:56:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xv7x-x6wr-xx7g/GHSA-xv7x-x6wr-xx7g.json
CWE IDs: ["CWE-426"]
Alternative ID: GHSA-xv7x-x6wr-xx7g
Finding: F297
Auto approve: 1