CVE-2016-8746

EUVD-2018-0720
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
apacheranger
𝑥
≤ 0.6.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95998
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
http://www.securityfocus.com/bid/95998
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger