Credentials management in ranger - CVE-2016-6815
Published: October 13, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU38071
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-6815
CWE-ID: CWE-255
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ranger
Affected software:
ranger
ranger
Detailed vulnerability description
The vulnerability allows a remote authenticated user to manipulate data.
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
How to mitigate CVE-2016-6815
Install update from vendor's website.