Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.
The vulnerability lies in the failure to properly neutralize so-called formula elements before placing data in the generated CSV file. A malicious user can introduce data into the system containing formulas or commands (e.g., starting with characters '=', '+', '-', '@'), which will be embedded in the exported CSV file. When a victim opens such a file in a spreadsheet application (e.g., Microsoft Excel, LibreOffice Calc), the application may automatically execute the contained formulas, including system commands or references to external resources.
An attacker can cause malicious code to be executed on the workstation of a victim who opens an infected CSV file, which may result in data theft, compromise of confidentiality, integrity, and availability of the user's resources.
Apache Ranger should be updated to version 2.6.0 or later, which eliminates this vulnerability. Details are available on the vendor's website: https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
Apache Ranger in all versions below 2.6.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Ranger
APPApache< 2.6.0
Related vulnerabilities
RCE w Apache Ranger poprzez NashornScriptEngineCreator
SSRF w Apache Ranger UI — podatność na stronie edycji usług
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like m...
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a passwo...
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plu...