CVE-2016-6815 - OpenCVE

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Ranger

Configuration 1 [-]

OR	cpe:2.3:a:apache:ranger:0.4.0:::::::*
	cpe:2.3:a:apache:ranger:0.5.0:::::::*
	cpe:2.3:a:apache:ranger:0.5.1:::::::*
	cpe:2.3:a:apache:ranger:0.5.2:::::::*
	cpe:2.3:a:apache:ranger:0.5.3:::::::*
	cpe:2.3:a:apache:ranger:0.6.0:::::::*
	cpe:2.3:a:apache:ranger:0.6.1:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/94221	Third Party Advisory VDB Entry
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2016-11-06T00:00:00

Updated: 2017-10-14T09:57:01

Reserved: 2016-08-12T00:00:00

Link: CVE-2016-6815

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-10-13T14:29:00.207

Modified: 2017-11-03T16:02:16.803

Link: CVE-2016-6815

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "Apache Ranger", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "0.5.x"}, {"status": "affected", "version": "0.6.0"}, {"status": "affected", "version": "0.6.1"}]}], "datePublic": "2016-11-06T00:00:00", "descriptions": [{"lang": "en", "value": "In Apache Ranger before 0.6.2, users with \"keyadmin\" role should not be allowed to change password for users with \"admin\" role."}], "problemTypes": [{"descriptions": [{"description": "Incorrect Privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-14T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "94221", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94221"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2016-11-06T00:00:00", "ID": "CVE-2016-6815", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Ranger", "version": {"version_data": [{"version_value": "0.5.x"}, {"version_value": "0.6.0"}, {"version_value": "0.6.1"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache Ranger before 0.6.2, users with \"keyadmin\" role should not be allowed to change password for users with \"admin\" role."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Privileges"}]}]}, "references": {"reference_data": [{"name": "94221", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94221"}, {"name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger", "refsource": "CONFIRM", "url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2016-6815", "datePublished": "2016-11-06T00:00:00", "dateReserved": "2016-08-12T00:00:00", "dateUpdated": "2017-10-14T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:ranger:0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "28DA5B21-3588-40F7-A9A8-6EB379D7102C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:ranger:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1FF8B11-2BF3-4845-AD13-87D960D73E5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:ranger:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6909D4B-7BE3-4F29-8982-A5377D63BB17", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:ranger:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "0479F35C-191B-4C25-9133-19FD57CAC286", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:ranger:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "88754111-7402-4D9D-8EC5-41FE8247A671", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:ranger:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "90B9E6C0-9400-416B-9E31-309A9B988B6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:ranger:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "498B2C25-FB79-4B7C-A80B-B2EEDBE34C13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Apache Ranger before 0.6.2, users with \"keyadmin\" role should not be allowed to change password for users with \"admin\" role."}, {"lang": "es", "value": "En Apache Ranger en versiones anteriores a la 0.6.2, los usuarios con el rol \"keyadmin\" no deber\u00edan poder cambiar la contrase\u00f1a de los usuarios con el rol \"admin\"."}], "id": "CVE-2016-6815", "lastModified": "2017-11-03T16:02:16.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-13T14:29:00.207", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94221"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}