SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NApache Ranger
APPApache2.4.0 – 2.5.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRF
Related vulnerabilities
CVE-2025-59059CRITICAL9.8PL ✓ten sam produkt
RCE w Apache Ranger poprzez NashornScriptEngineCreator
CVE-2024-55532CRITICAL9.8PL ✓ten sam produkt
CSV Injection w funkcji eksportu Apache Ranger (wersje < 2.6.0)
CVE-2017-7676CRITICAL9.8ten sam produkt
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like m...
CVE-2016-0733CRITICAL9.8ten sam produkt
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a passwo...
CVE-2021-40331HIGH8.1ten sam produkt
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plu...