Base Score

HIGH8.8

CVE-2022-45048

Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.

VectorNETWORK

Published Bysecurity@apache.org

Published DateMay 05, 2023, 08:15

Affected Versions(1)

org.apache.ranger:ranger(Maven)

Introduced2.3.0

Fixed2.4.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.ranger:ranger(Maven)	2.3.0	2.4.0	N/A

Weakness Type (CWE):CWE-74

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://lists.apache.org/thread/6rpzwy1smdhr60tsh1ydknn3kdm45bb6

Base Score

HIGH8.8

Weakness Type (CWE):CWE-74

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH