Hello: HereĀ¹s a CVE update for Ranger 0.5.1 release. Please see below details.
Thank you, Velmurugan Periasamy -------------------------------------------------------------------------- CVE-2015-5167: Restrict REST API data access for non-admin users -------------------------------------------------------------------------- Severity: Important Vendor: The Apache Software Foundation Versions Affected: 0.4.0 and 0.5.0 version of Apache Ranger Users affected: All users of ranger policy admin tool Description: Data access restrictions via REST API are not consistent with restrictions in policy admin UI. Mitigation: Users should upgrade to Ranger 0.5.1 version -------------------------------------------------------------------------- CVE-2016-0733: Ranger Admin authentication issue -------------------------------------------------------------------------- Severity: Important Vendor: The Apache Software Foundation Versions Affected: 0.4.0 and 0.5.0 version of Apache Ranger Users affected: All users of ranger policy admin tool Description: Malicious Users can gain access to ranger admin UI without proper authentication Mitigation: Users should upgrade to Ranger 0.5.1 version --------------------------------------------------------------------------
