PT-2025-2698 · Apache · Apache Ranger

Gyujin · Published 2025-01-21 · Updated 2025-01-22 · CVE-2024-45478

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache Ranger version 2.4.0

Description

A Stored XSS issue exists in the Edit Service Page of the Apache Ranger UI. This allows for malicious script execution. Users are advised to upgrade to Apache Ranger version 2.5.0 to resolve the issue.

Recommendations

For Apache Ranger version 2.4.0, upgrade to version 2.5.0 to fix the issue. As a temporary workaround, consider restricting access to the Edit Service Page in the Apache Ranger UI until the upgrade can be applied.

Fix

XSS

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-45478
GHSA-VRX2-MGR9-V67H

Affected Products

Apache Ranger