CVE-2024-45479 – org.apache.ranger:ranger

Package

Manager: maven
Name: org.apache.ranger:ranger
Vulnerable Version: >=0 <2.5.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0013 pctl0.33257

Details

Apache Ranger UI vulnerable to Server Side Request Forgery SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

Metadata

Created: 2025-01-22T00:33:36Z
Modified: 2025-06-10T14:52:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-g9gf-g5jq-9h3v/GHSA-g9gf-g5jq-9h3v.json
CWE IDs: ["CWE-20", "CWE-918"]
Alternative ID: GHSA-g9gf-g5jq-9h3v
Finding: F184
Auto approve: 1