Common Vulnerabilities and Exposures
CVE-2015-5167: Restrict REST API data access for non-admin users
Severity: Important
Vendor: Hortonworks
Versions Affected: All HDP 2.3.x releases prior to 2.3.2
Users Affected: All users of the Ranger policy admin tool.
Impact: See BUG-41604 and RANGER-630. Data access restrictions applied via the REST API are not consistent with the restrictions in the policy admin UI. By calling the REST API, non-admin users can access some Ranger data that is restricted to admin users.
Recommended Action: Upgrade to HDP 2.3.2+.