Description
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
Remediation
References
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
http://www.securityfocus.com/bid/95998
Related Vulnerabilities
CVE-2023-31419 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2023-39151 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-24998 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-4375 Vulnerability in maven package net.mingsoft:ms-mcms