CVE-2024-45479

CWE-918 — Server-Side Request Forgery (SSRF)CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.1CRITICAL

EPSS

0.3%

top 47.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Ranger Apache Ranger

Timeline

PublishedJan 21

Latest updateJan 22

Description

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶NVDapache/ranger2.4.0 — 2.5.0

▶Mavenorg.apache.ranger:ranger< 2.5.0

▶CVEListV5apache_software_foundation/apache_ranger2.4.0 — 2.5.0

🔴Vulnerability Details

OSV

Apache Ranger UI vulnerable to Server Side Request Forgery↗2025-01-22

▶

GHSA

Apache Ranger UI vulnerable to Server Side Request Forgery↗2025-01-22

▶

CVEList

Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost↗2025-01-21

▶