CVE-2024-45479

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.
Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
apacheCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
apacheranger
2.4.0 ≤
𝑥
< 2.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
http://www.openwall.com/lists/oss-security/2025/01/21/4