CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input

Description

A stored XSS vulnerability exists in the Edit Service page of the Apache Ranger UI in Apache Ranger version 2.4.0.
Users are recommended to upgrade to Apache Ranger version 2.5.0, which fixes this issue.

Classification

CVE ID: CVE-2024-45478

Affected Products

Vendor: Apache Software Foundation

Product: Apache Ranger

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.7% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-19 (date on which this score was calculated)

References

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

Timeline