Description

Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.

Remediation

References

http://www.securityfocus.com/bid/92577

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

Related Vulnerabilities

CVE-2020-28469 Vulnerability in npm package glob-parent

CVE-2022-45401 Vulnerability in maven package org.jenkinsci.plugins:associated-files

CVE-2021-28100 Vulnerability in maven package com.netflix.priam:priam

CVE-2018-11248 Vulnerability in maven package com.liulishuo.filedownloader:library

CVE-2022-48285 Vulnerability in maven package org.webjars.npm:jszip

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory