Common Vulnerabilities and Exposures
Important: Hortonworks strongly recommends that all users running HDP 2.3.4 upgrade to HDP 2.3.4.7.
CVE-2016-0733: Ranger Admin authentication issue
Severity: Important
Vendor: Hortonworks
Versions Affected: All HDP 2.3.x releases prior to 2.3.4
Users Affected: All users of the Ranger policy admin tool.
Impact: See BUG-50669 and RANGER-835. Malicious users can gain access to the Ranger admin UI without proper authentication.
Recommended Action: Upgrade to 2.3.4.x+ or HDP 2.4.0+.
CVE-2015-5167: Restrict REST API data access for non-admin users
Severity: Important
Vendor: Hortonworks
Versions Affected: All HDP 2.3.x releases prior to 2.3.4
Users Affected: All users of the Ranger policy admin tool.
Impact: See BUG-41604 and RANGER-630. Data access restrictions via the REST API are not consistent with restrictions in the policy admin UI.
Recommended Action: Upgrade to 2.3.4.x+ or HDP 2.4.0+.