PT-2025-2699 · Apache · Apache Ranger

Gyujin · Published 2025-01-21 · Updated 2025-01-27 · CVE-2024-45479

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Apache Ranger version 2.4.0
Description: A Server-Side Request Forgery (SSRF) issue exists in the Edit Service Page of the Apache Ranger UI. Users are recommended to upgrade to Apache Ranger version 2.5.0 to resolve this issue.
Recommendations: Apache Ranger version 2.4.0: Upgrade to Apache Ranger version 2.5.0 to fix the SSRF vulnerability.

Fix

SSRF

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-45479
GHSA-G9GF-G5JQ-9H3V

Affected Products

Apache Ranger