We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-45479

Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost



Description

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

Reserved 2024-08-29 | Published 2025-01-21 | Updated 2025-06-10 | Assigner apache

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status
unaffected

2.4.0 before 2.5.0
affected

Credits

Gyujin (biz@web-us.kr) finder

References

cwiki.apache.org/...y/RANGER/Vulnerabilities+found+in+Ranger vendor-advisory

cve.org (CVE-2024-45479)

nvd.nist.gov (CVE-2024-45479)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-45479

Support options

Helpdesk Chat, Email, Knowledgebase