CRITICAL🇵🇱 Wersja polska

CVE-2024-45479

CVSS 9.1v3.1pub. 2025-01-21upd. 2025-06-10

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Apache Ranger

    APP
    Apache
    2.4.0 – 2.5.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2025-59059CRITICAL9.8PL ✓ten sam produkt

RCE w Apache Ranger poprzez NashornScriptEngineCreator

CVE-2024-55532CRITICAL9.8PL ✓ten sam produkt

CSV Injection w funkcji eksportu Apache Ranger (wersje < 2.6.0)

CVE-2017-7676CRITICAL9.8ten sam produkt

Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like m...

CVE-2016-0733CRITICAL9.8ten sam produkt

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a passwo...

CVE-2021-40331HIGH8.1ten sam produkt

An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plu...