Apache Ranger

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-59060
< 2.8.0
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0.
5.3 MEDIUM
CVE-2025-59059
< 2.8.0
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recomm
9.8 CRITICAL
CVE-2024-55532
< 2.6.0
Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are rec
9.8 CRITICAL
CVE-2024-45479
>= 2.4.0 and < 2.5.0
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to ve
9.1 CRITICAL
CVE-2024-45478
>= 2.4.0 and < 2.5.0
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade
4.8 MEDIUM
CVE-2022-45048
all versions
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerabili
8.4 HIGH
CVE-2021-40331
>= 2.0.0 and <= 2.3.0
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with S
8.1 HIGH
CVE-2019-12397
>= 0.7.0 and <= 1.2.0
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or lat
6.1 MEDIUM
CVE-2018-11778
< 1.2.0
UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow.
8.8 HIGH
CVE-2016-6815
all versions
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
6.5 MEDIUM
CVE-2017-7677
<= 0.7.0
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX p
5.9 MEDIUM
CVE-2017-7676
<= 0.7.0
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. T
9.8 CRITICAL
CVE-2016-8751
< 0.6.3
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting when entering custom policy conditions. Admin users c
4.8 MEDIUM
CVE-2016-8746
<= 0.6.2
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards an
5.9 MEDIUM
CVE-2016-5395
<= 0.5.0
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 a
4.8 MEDIUM
CVE-2016-2174
all versions
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to e
7.2 HIGH
CVE-2016-0733
<= 0.5.0
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows rem
9.8 CRITICAL
CVE-2015-5167
<= 0.5.0
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via t
6.5 MEDIUM
CVE-2016-0735
all versions
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by
8.8 HIGH
CVE-2015-0266
<= 0.4.0
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via d
7.1 HIGH
CVE-2015-0265
<= 0.4.0
Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin