oss-sec mailing list archives
CVE update (CVE-2015-5167 & CVE-2016-0733) - Fixed in Ranger 0.5.1
From: Velmurugan Periasamy <vel () apache org>
Date: Fri, 05 Feb 2016 01:00:53 -0500
Hello:

Here's a CVE update for Ranger 0.5.1 release. Please see below details.

Thank you,
Velmurugan Periasamy

--------------------------------------------------------------------------
CVE-2015-5167: Restrict REST API data access for non-admin users
--------------------------------------------------------------------------
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: 0.4.0 and 0.5.0 version of Apache Ranger
Users affected: All users of ranger policy admin tool
Description: Data access restrictions via REST API are not consistent with restrictions in policy admin UI.
Mitigation: Users should upgrade to Ranger 0.5.1 version

--------------------------------------------------------------------------
CVE-2016-0733: Ranger Admin authentication issue
--------------------------------------------------------------------------
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: 0.4.0 and 0.5.0 version of Apache Ranger
Users affected: All users of ranger policy admin tool
Description: Malicious Users can gain access to ranger admin UI without proper authentication
Mitigation: Users should upgrade to Ranger 0.5.1 version
--------------------------------------------------------------------------