CVE-2017-7677

CWE-862 — Missing Authorization4 documents4 sources

Severity

5.9MEDIUM

EPSS

0.3%

top 44.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ranger Apache Software Foundation Apache Ranger

Timeline

PublishedJun 14

Latest updateOct 17

Description

In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.apache.ranger:ranger< 0.7.1

▶NVDapache/ranger0.7.0

▶CVEListV5apache_software_foundation/apache_ranger0.5.x, 0.6.x, 0.7.0+2

🔴Vulnerability Details

GHSA

Moderate severity vulnerability that affects org.apache.ranger:ranger↗2018-10-17

▶

OSV

Moderate severity vulnerability that affects org.apache.ranger:ranger↗2018-10-17

▶

CVEList

CVE-2017-7677: In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0↗2017-06-14

▶