
List:       oss-security
Subject:    [oss-security] CVE update - fixed in Apache Ranger 2.0.0
From:       Velmurugan Periasamy <vel () apache ! org>
Date:       2019-08-08 16:15:54
Message-ID: 09D4A543-35B4-4416-A0E3-CF88CFDFDE12 () apache ! org

Hello:

Please find below details on CVE fixed in Ranger 2.0.0 release. Release details can be found at
https://cwiki.apache.org/confluence/display/RANGER/2.0.0+Release+-+Apache+Ranger

———————————————————————————————————————————————————
                
CVE-2019-12397: Apache Ranger cross site scripting issue
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: 0.7.0 to 1.2.0 versions of Apache Ranger, prior to 2.0.0
Users affected: All users of ranger policy admin tool
Description: Apache Ranger was found to be vulnerable to a Cross-Site Scripting in policy import functionality.
Fix detail: Added logic to sanitize the user input.
Mitigation: Users should upgrade to 2.0.0 or later version of Apache Ranger with the fix.
Credit: Jan Kaszycki from STM Solutions
———————————————————————————————————————————————————


Thank you,
Velmurugan Periasamy

