CVE-2024-45478

Published Jan 21, 2025

Last updated a month ago

CVSS medium 4.8

Overview

Description
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
Source
security@apache.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.8
Impact score
2.7
Exploitability score
1.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security@apache.org
CWE-20

Social media

Hype score
Not currently trending

  1. CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input https://t.co/GEXQiLMQM4 CVE-2024-45479: Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost https://t.co/69QwH6efkR

    @oss_security

    21 Jan 2025

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References