CVE-2022-45048

CWE-744 documents4 sources

Severity

8.8HIGH

EPSS

0.0%

top 87.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Ranger Apache Ranger

Timeline

PublishedMay 5

Latest updateJul 6

Description

Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.7 | Impact: 6.0

Affected Packages3 packages

▶Mavenorg.apache.ranger:ranger2.3.0 — 2.4.0

▶NVDapache/ranger2.3.0

▶CVEListV5apache_software_foundation/apache_ranger2.3.0

🔴Vulnerability Details

GHSA

Apache Ranger code execution vulnerability in policy expressions↗2023-07-06

▶

OSV

Apache Ranger code execution vulnerability in policy expressions↗2023-07-06

▶

CVEList

Apache Ranger: code execution vulnerability in policy expressions↗2023-05-05

▶