You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "hunter (Jira)" <ji...@apache.org> on 2023/05/16 06:18:00 UTC
[jira] [Updated] (RANGER-4238) Can a patch be provided to fix the CVE-2022-45048 vulnerability in Ranger 2.3.0 in addition to the upgrade to 2.4.0?
[ https://issues.apache.org/jira/browse/RANGER-4238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
hunter updated RANGER-4238:
---------------------------
Description:
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.
Can a patch be provided to fix the CVE-2022-45048 vulnerability in Ranger 2.3.0 in addition to the upgrade to 2.4.0?
was:Can a patch be provided to fix the CVE-2022-45048 vulnerability in Ranger 2.3.0 in addition to the upgrade to 2.4.0?
> Can a patch be provided to fix the CVE-2022-45048 vulnerability in Ranger 2.3.0 in addition to the upgrade to 2.4.0?
> --------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-4238
> URL: https://issues.apache.org/jira/browse/RANGER-4238
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.3.0
> Reporter: hunter
> Priority: Blocker
>
> Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.
> Can a patch be provided to fix the CVE-2022-45048 vulnerability in Ranger 2.3.0 in addition to the upgrade to 2.4.0?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)