CVE-2016-6815

Published on: 10/13/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Certain versions of Ranger from Apache contain the following vulnerability:

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

  • CVE-2016-6815 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: Apache Software Foundation - Apache Ranger version 0.5.x
  • Affected Vendor/Software: Apache Software Foundation - Apache Ranger version 0.6.0
  • Affected Vendor/Software: Apache Software Foundation - Apache Ranger version 0.6.1

CVSS3 Score: 6.5 - MEDIUM

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE

CVSS2 Score: 4 - MEDIUM

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

CVE References

  • Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability. Tags: Third Party Advisory, VDB Entry. Link: BID 94221 (cve.report archive, text/html)
  • Vulnerabilities found in Ranger - Ranger - Apache Software Foundation. Tags: Vendor Advisory. Link: CONFIRM cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger (text/html)

Known Affected Configurations (CPE V2.3)

Type         Vendor  Product  Version  Update  Edition  Language
Application  Apache  Ranger   0.4.0    All     All      All
Application  Apache  Ranger   0.5.0    All     All      All
Application  Apache  Ranger   0.5.1    All     All      All
Application  Apache  Ranger   0.5.2    All     All      All
Application  Apache  Ranger   0.5.3    All     All      All
Application  Apache  Ranger   0.6.0    All     All      All
Application  Apache  Ranger   0.6.1    All     All      All
  • cpe:2.3:a:apache:ranger:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ranger:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ranger:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ranger:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ranger:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ranger:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ranger:0.6.1:*:*:*:*:*:*:*