CVE-2016-6815

Description

In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.

Affected products

• Apache Software Foundation / Apache Ranger0.5.x – 0.5.x
• Apache Software Foundation / Apache Ranger0.6.0 – 0.6.0
• Apache Software Foundation / Apache Ranger0.6.1 – 0.6.1

References

• MISChttp://www.securityfocus.com/bid/94221
• MISChttps://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger