CVE-2022-45048 – org.apache.ranger:ranger

Package

Manager: maven
Name: org.apache.ranger:ranger
Vulnerable Version: =2.3.0 || >=2.3.0 <2.4.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00031 pctl0.07374

Details

Apache Ranger code execution vulnerability in policy expressions Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.

Metadata

Created: 2023-07-06T21:14:54Z
Modified: 2023-07-06T23:09:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-89gw-cffj-mqg9/GHSA-89gw-cffj-mqg9.json
CWE IDs: ["CWE-74"]
Alternative ID: GHSA-89gw-cffj-mqg9
Finding: F184
Auto approve: 1