GHSA-rf7q-xqm3-6923

Source

https://github.com/advisories/GHSA-rf7q-xqm3-6923

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-rf7q-xqm3-6923/GHSA-rf7q-xqm3-6923.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rf7q-xqm3-6923

Aliases

CVE-2016-5395

Published

2018-10-17T17:21:37Z

Modified

2023-11-08T03:58:31.327757Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML

Details

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

Database specific

{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T21:54:33Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / org.apache.ranger:ranger

Package

Name: org.apache.ranger:ranger; View open source insights on deps.dev
Purl: pkg:maven/org.apache.ranger/ranger

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.1

Affected versions

0.*

0.6.0