CVE-2017-7676

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.9%

top 24.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ranger Apache Software Foundation Apache Ranger

Timeline

PublishedJun 14

Latest updateOct 17

Description

Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.apache.ranger:ranger< 0.7.1

▶NVDapache/ranger0.7.0

▶CVEListV5apache_software_foundation/apache_ranger0.5.x, 0.6.x, 0.7.0+2

🔴Vulnerability Details

GHSA

Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character↗2018-10-17

▶

OSV

Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character↗2018-10-17

▶

CVEList

CVE-2017-7676: Policy resource matcher in Apache Ranger before 0↗2017-06-14

▶