Platform
java
Component
org.apache.ranger:ranger
Fixed in
2.5.0
CVE-2024-45479 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the Edit Service Page of the Apache Ranger UI. This flaw allows unauthenticated attackers to potentially access internal resources and sensitive data within the Ranger environment. The vulnerability impacts versions of Apache Ranger up to and including 2.4.0, and a fix is available in version 2.5.0.
The SSRF vulnerability in Apache Ranger's UI presents a significant risk. An attacker could leverage this to scan internal networks, access cloud metadata services (e.g., AWS, Azure, GCP), and potentially exfiltrate sensitive data stored within Ranger's configuration or accessed by its policies. Successful exploitation could lead to unauthorized access to internal systems and compromise the confidentiality and integrity of data managed by Ranger. The impact is amplified if Ranger is used to manage access control for other critical systems, as an attacker could potentially use this vulnerability to gain broader access.
CVE-2024-45479 was publicly disclosed on January 22, 2025. The vulnerability's SSRF nature makes it potentially attractive to attackers seeking to map internal networks and identify other exploitable targets. There are currently no known public proof-of-concept exploits, but the ease of exploitation inherent in SSRF vulnerabilities suggests that one may emerge. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on Apache Ranger for centralized security policy management and access control are particularly at risk. Environments with Ranger integrated with cloud platforms (AWS, Azure, GCP) are also vulnerable, as the SSRF vulnerability could be used to access cloud metadata and potentially compromise cloud resources. Any deployment of Apache Ranger versions 2.4.0 or earlier is considered at risk.
• java / server:
ps -ef | grep ranger
• java / server:
journalctl -u ranger-service -f | grep "Edit Service Page"
• generic web:
curl -I http://<ranger_server>/ui/edit-service -v
• generic web:
grep -r "Edit Service Page" /var/log/apache2/access.log
Disclosure
Exploit status
EPSS
0.29% (52nd percentile)
CVSS vector
The primary mitigation for CVE-2024-45479 is to upgrade Apache Ranger to version 2.5.0 or later, which contains the fix. If an immediate upgrade is not feasible, consider temporary workarounds such as restricting network access to the Ranger UI to trusted sources only. Firewall rules can be configured to limit outbound connections from the Ranger UI to only the internal services it needs. Regularly review Ranger's access control policies to ensure they are appropriately configured and minimize the potential impact of a successful SSRF attack. After the upgrade, confirm the vulnerability is resolved by attempting to access an internal resource through the Edit Service Page and verifying that the request is denied.
Update Apache Ranger to version 2.5.0 or later. This version fixes the SSRF vulnerability in the Edit Service page. The update mitigates the risk of attackers exploiting this vulnerability to make unauthorized requests from the server.
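A check a practitioner can run against a build's pom.xml to see whether it still pulls in Ranger artifacts from the affected range, as an added example (not the advisory's or the Ranger project's own code); it assumes the range stated above (every version below 2.5.0 is affected), and the artifact identifiers in the embedded sample pom are constructed for illustration.

```python
"""Flag org.apache.ranger dependencies in a pom.xml that predate the CVE-2024-45479 fix.
Added example, not part of the advisory or the Ranger project; assumes the advisory's
affected range: every version below 2.5.0 (that is, 2.4.0 and earlier) is vulnerable."""
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = "2.5.0"             # fix release named in the advisory
RANGER_GROUP = "org.apache.ranger"  # affected component group


def parse_version(v):
    """'2.4.0-SNAPSHOT' -> (2, 4, 0, 0); a qualifier sorts before the plain release."""
    base, _, qualifier = v.partition("-")
    nums = [int(x) for x in re.findall(r"\d+", base)][:3]
    nums += [0] * (3 - len(nums))
    return tuple(nums) + ((0,) if qualifier else (1,))


def find_affected(pom_xml):
    """Return [(artifactId, version, status)] for every Ranger dependency: 'vulnerable'
    when version < 2.5.0, 'unresolved' when it is inherited or uses an unknown property."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():          # drop the POM namespace so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.iterfind("properties/*")}
    props["project.version"] = (root.findtext("version") or "").strip()
    findings = []
    for dep in root.iter("dependency"):
        if (dep.findtext("groupId") or "").strip() != RANGER_GROUP:
            continue
        artifact = (dep.findtext("artifactId") or "?").strip()
        raw = (dep.findtext("version") or "").strip()
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        if not version or "${" in version:
            findings.append((artifact, raw, "unresolved"))   # check the parent POM / BOM
        elif parse_version(version) < parse_version(FIXED_VERSION):
            findings.append((artifact, version, "vulnerable"))
    return findings


# Constructed sample pom: one dep pinned through a property (2.4.0), one already on the
# fix release, one whose version is inherited from a parent and cannot be resolved here.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><ranger.version>2.4.0</ranger.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.ranger</groupId>
      <artifactId>ranger-plugins-common</artifactId><version>${ranger.version}</version></dependency>
    <dependency><groupId>org.apache.ranger</groupId>
      <artifactId>ranger-intg</artifactId><version>2.5.0</version></dependency>
    <dependency><groupId>org.apache.ranger</groupId>
      <artifactId>ranger-plugins-audit</artifactId></dependency>
  </dependencies>
</project>"""
```

Run `find_affected` over the real pom.xml (and any parent POM or BOM it inherits from) rather than the sample; an "unresolved" entry means the version must be confirmed there.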
CVE-2024-45479 is a critical SSRF vulnerability affecting Apache Ranger UI versions up to 2.4.0, allowing attackers to potentially access internal resources.
Yes, if you are running Apache Ranger version 2.4.0 or earlier, you are vulnerable to this SSRF vulnerability.
Upgrade Apache Ranger to version 2.5.0 or later to resolve the vulnerability. Consider temporary workarounds like restricting network access if immediate upgrade is not possible.
While no public exploits are currently known, the SSRF nature of the vulnerability suggests potential for exploitation.
Refer to the Apache Ranger security advisories on the Apache project website for the latest information and updates.