CVE-2024-45479

Published Jan 21, 2025

Last updated a month ago

CVSS critical 9.1

Overview

Description
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
Source
security@apache.org
NVD status
Undergoing Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Weaknesses

security@apache.org
CWE-20

Social media

Hype score
Not currently trending

  1. CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input https://t.co/GEXQiLMQM4 CVE-2024-45479: Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost https://t.co/69QwH6efkR

    @oss_security

    21 Jan 2025

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References