CVE-2024-45478 – org.apache.ranger:ranger

Package

Manager: maven
Name: org.apache.ranger:ranger
Vulnerable Version: >=0 <2.5.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00186 pctl0.4063

Details

Apache Ranger has Stored Cross-site Scripting vulnerability in Edit Service Page Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

Metadata

Created: 2025-01-22T00:33:35Z
Modified: 2025-06-10T20:40:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-vrx2-mgr9-v67h/GHSA-vrx2-mgr9-v67h.json
CWE IDs: ["CWE-20", "CWE-79"]
Alternative ID: GHSA-vrx2-mgr9-v67h
Finding: F425
Auto approve: 1