CVE-2024-45478

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-45478

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45478.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-45478

Aliases

GHSA-vrx2-mgr9-v67h

Published

2025-01-21T22:15:12.137Z

Modified

2026-03-17T14:32:28.904512Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

References

Affected packages

Git / github.com/apache/ranger

Affected ranges

Type

GIT

Repo

https://github.com/apache/ranger

Events

Introduced

50ad9c19e62f5aa6b2888b17437aa6fb1e2c0a36

Fixed

f3e2a44f0d7f80be4eed95b456f5066089a88891

Database specific

{
    "versions": [
        {
            "introduced": "2.4.0"
        },
        {
            "fixed": "2.5.0"
        }
    ]
}

Affected versions

release-2.*

release-2.4.0-rc2

release-2.5.0-rc0

release-2.5.0-rc1

release-2.5.0-rc2

release-2.5.0-rc3

release-ranger-2.*

release-ranger-2.4.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45478.json"