Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.
References
Link | Resource |
---|---|
http://mail-archives.apache.org/mod_mbox/ranger-dev/201603.mbox/%3CD31EE434.14B879%25vel%40apache.org%3E | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-04-11T19:00:00
Updated: 2016-04-11T18:57:01
Reserved: 2015-12-16T00:00:00
Link: CVE-2016-0735
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-04-11T19:59:02.227
Modified: 2016-04-19T14:01:29.277
Link: CVE-2016-0735
JSON object: View
Redhat Information
No data.
CWE