CVE-2024-45479: Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost

Description

A server-side request forgery (SSRF) vulnerability exists in the Edit Service page of the Apache Ranger UI in Apache Ranger version 2.4.0.
Users are recommended to upgrade to Apache Ranger version 2.5.0, which fixes this issue.

Classification

CVE ID: CVE-2024-45479

Affected Products

Vendor: Apache Software Foundation

Product: Apache Ranger

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-25 (date this score was calculated)

References

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

Timeline