CVE-2015-5167 – org.apache.ranger:ranger

Package

Manager: maven
Name: org.apache.ranger:ranger
Vulnerable Version: >=0 <0.5.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00167 pctl0.38293

Details

Apache Ranger allows users to bypass intended access restrictions via the REST API The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.

Metadata

Created: 2022-05-17T03:57:16Z
Modified: 2025-04-14T20:50:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qqg7-gcxw-gmj3/GHSA-qqg7-gcxw-gmj3.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-qqg7-gcxw-gmj3
Finding: F006
Auto approve: 1