First published: Wed Jun 14 2017
Apache Ranger before 0.6.3 is vulnerable to stored cross-site scripting (XSS) when entering custom policy conditions. Admin users can store arbitrary JavaScript code that is executed when normal users log in and access policies.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Ranger | <0.6.3 | |
CVE-2016-8751 is categorized as a medium severity vulnerability due to its potential impact on security when exploited.
To fix CVE-2016-8751, upgrade Apache Ranger to version 0.6.3 or later to ensure the vulnerability is patched.
CVE-2016-8751 facilitates stored cross-site scripting (XSS) attacks by allowing arbitrary JavaScript code execution.
Admin users of Apache Ranger who define custom policy conditions can unknowingly impact normal users through XSS when using versions prior to 0.6.3.
Versions of Apache Ranger prior to 0.6.3 are affected by CVE-2016-8751.