CVE-2016-8746

Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
apacheCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
apacheranger
𝑥
≤ 0.6.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95998
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
http://www.securityfocus.com/bid/95998
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger