Vulnerability Details : CVE-2015-0266
Potential exploit
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.
Products affected by CVE-2015-0266
- cpe:2.3:a:apache:ranger:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0266
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0266
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
7.1
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N |
2.8
|
4.2
|
NIST |
CWE ids for CVE-2015-0266
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0266
-
https://mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%25vel%40apache.org%3E
-
https://mail-archives.apache.org/mod_mbox/ranger-dev/201508.mbox/%3CD1E7EC30.9D53F%25vel@apache.org%3E
CVEs fixed in Ranger 0.5
-
http://www.securityfocus.com/bid/76221
Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
-
http://www.slideshare.net/wojdwo/big-problems-with-big-data-hadoop-interfaces-security
Big problems with big data – Hadoop interfaces securityExploit
-
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
Vulnerabilities found in Ranger - Ranger - Apache Software FoundationVendor Advisory
Jump to