CVE-2019-12397

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

1.8%

top 17.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Ranger Apache Software Foundation Apache Ranger

Timeline

PublishedAug 8

Latest updateAug 16

Description

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶Mavenorg.apache.ranger:ranger0.7.0 — 2.0.0

▶NVDapache/ranger0.7.0 — 1.2.0

▶CVEListV5apache_software_foundation/apache_ranger0.7.0 to 1.2.0

🔴Vulnerability Details

GHSA

Cross-site scripting in Apache Ranger↗2019-08-16

▶

OSV

Cross-site scripting in Apache Ranger↗2019-08-16

▶

CVEList

CVE-2019-12397: Policy import functionality in Apache Ranger 0↗2019-08-08

▶