Hello: Here’s a CVE update for Ranger 0.6.2 release. Please see below details.
Release details can be found at https://cwiki.apache.org/confluence/display/RANGER/0.6.2+Release+-+Apache+Ranger <https://cwiki.apache.org/confluence/display/RANGER/0.6.2+Release+-+Apache+Ranger> Thank you, Velmurugan Periasamy ------------------------------------------------------------------------------------------------------- CVE-2016-6815: Apache Ranger user privilege vulnerability ------------------------------------------------------------------------------------------------------- Severity: Normal Vendor: The Apache Software Foundation Versions Affected: All 0.5.x versions or 0.6.0/0.6.1 versions of Apache Ranger Users affected: All users of ranger policy admin tool Description: Users with "keyadmin" role should not be allowed to change password for users with "admin" role. Fix detail: Added logic to validate the user privilege in the backend. Mitigation: Users should upgrade to 0.6.2 or later version of Apache Ranger with the fix. -------------------------------------------------------------------------------------------------------
