CRITICAL 9.8 CVE-2017-7676 Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character
from 0, < 0.7.1
CRITICAL 9.8 CVE-2016-0733 The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
from 0, < 0.5.1
CRITICAL 9.1 CVE-2024-45479 Apache Ranger UI vulnerable to Server Side Request Forgery
from 0, < 2.5.0
HIGH 8.8 Apache Ranger code execution vulnerability in policy expressions
>= 2.3.0, < 2.4.0
HIGH 8.8 Apache Ranger Access Restriction Bypass
>= 0.5.0, < 0.5.2
HIGH 8.8 UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
from 0, < 1.2.0
HIGH 7.2 SQL injection vulnerability in the policy admin tool in Apache Ranger
from 0, < 0.5.3
HIGH 7.1 Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs
from 0, < 0.5.0
MEDIUM 6.5 Apache Ranger allows users to bypass intended access restrictions via the REST API
from 0, < 0.5.1
MEDIUM 6.5 Moderate severity vulnerability that affects org.apache.ranger:ranger
from 0, < 0.6.2
MEDIUM 6.1 Apache Ranger Cross-site Scripting vulnerability
from 0, < 0.5.0
MEDIUM 6.1 Cross-site scripting in Apache Ranger
>= 0.7.0, < 2.0.0
MEDIUM 5.9 Moderate severity vulnerability that affects org.apache.ranger:ranger
from 0, < 0.7.1
MEDIUM 4.8 Apache Ranger has Stored Cross-site Scripting vulnerability in Edit Service Page
from 0, < 2.5.0
MEDIUM 4.8 Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
from 0, < 0.6.3
MEDIUM 4.8 Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
from 0, < 0.6.1