CVE-2016-0733: Ranger Admin authentication issue

Severity: Important

Vendor: Hortonworks

Versions Affected: All HDP 2.3.x releases prior to 2.3.4

Users Affected: All users of ranger policy admin tool.

Impact: See BUG-50669 and RANGER-835. Malicious Users can gain access to ranger admin UI without proper authentication.

Recommended Action: Upgrade to 2.3.4.x+ or HDP 2.4.0+.

CVE-2015-5167: Restrict REST API data access for non-admin users

Severity: Important

Vendor: Hortonworks

Versions Affected: All HDP 2.3.x releases prior to 2.3.4

Users Affected: All users of ranger policy admin tool.

Impact: See BUG-41604 and RANGER-630. Data access restrictions via REST API are not consistent with restrictions in policy admin UI.

Recommended Action: Upgrade to 2.3.4.x+ or HDP 2.4.0+.