CVE-2015-0266 – org.apache.ranger:ranger

Package

Manager: maven
Name: org.apache.ranger:ranger
Vulnerable Version: >=0 <0.5.0

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00113 pctl0.30599

Details

Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.

Metadata

Created: 2022-05-17T03:57:19Z
Modified: 2025-04-14T20:49:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7ccv-hhvc-62hg/GHSA-7ccv-hhvc-62hg.json
CWE IDs: ["CWE-639", "CWE-863"]
Alternative ID: GHSA-7ccv-hhvc-62hg
Finding: F039
Auto approve: 1