CVE-2015-0266: Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs
(updated )
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.
References
- cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
- github.com/advisories/GHSA-7ccv-hhvc-62hg
- github.com/apache/ranger
- mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%25vel%40apache.org%3E
- mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%25vel@apache.org%3E
- nvd.nist.gov/vuln/detail/CVE-2015-0266
- web.archive.org/web/20200228073944/http://www.securityfocus.com/bid/76221
Code Behaviors & Features
Detect and mitigate CVE-2015-0266 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →