CVE-2016-5395 – org.apache.ranger:ranger

Package

Manager: maven
Name: org.apache.ranger:ranger
Vulnerable Version: >=0 <0.6.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00129 pctl0.33187

Details

Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

Metadata

Created: 2018-10-17T17:21:37Z
Modified: 2022-04-27T13:48:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-rf7q-xqm3-6923/GHSA-rf7q-xqm3-6923.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-rf7q-xqm3-6923
Finding: F425
Auto approve: 1