Platform: java
Component: org.apache.ranger:ranger
Fixed in: 2.5.0
CVE-2024-45479 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the Edit Service Page of the Apache Ranger UI. This flaw allows unauthenticated attackers to potentially access internal resources and sensitive data within the Ranger environment. The vulnerability impacts versions of Apache Ranger up to and including 2.4.0, and a fix is available in version 2.5.0.
The SSRF vulnerability in Apache Ranger's UI presents a significant risk. An attacker could leverage this to scan internal networks, access cloud metadata services (e.g., AWS, Azure, GCP), and potentially exfiltrate sensitive data stored within Ranger's configuration or accessed by its policies. Successful exploitation could lead to unauthorized access to internal systems and compromise the confidentiality and integrity of data managed by Ranger. The impact is amplified if Ranger is used to manage access control for other critical systems, as an attacker could potentially use this vulnerability to gain broader access.
CVE-2024-45479 was publicly disclosed on January 22, 2025. The vulnerability's SSRF nature makes it potentially attractive to attackers seeking to map internal networks and identify other exploitable targets. There are currently no known public proof-of-concept exploits, but the ease of exploitation inherent in SSRF vulnerabilities suggests that one may emerge. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on Apache Ranger for centralized security policy management and access control are particularly at risk. Environments with Ranger integrated with cloud platforms (AWS, Azure, GCP) are also vulnerable, as the SSRF vulnerability could be used to access cloud metadata and potentially compromise cloud resources. Any deployment of Apache Ranger versions 2.4.0 or earlier is considered at risk.
• java / server: ps -ef | grep ranger
• java / server: journalctl -u ranger-service -f | grep "Edit Service Page"
• generic web: curl -I http://<ranger_server>/ui/edit-service -v
• generic web: grep -r "Edit Service Page" /var/log/apache2/access.log
Exploit status:
EPSS: 0.29% (52nd percentile)
CVSS vector:
The primary mitigation for CVE-2024-45479 is to upgrade Apache Ranger to version 2.5.0 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting network access to the Ranger UI to trusted sources only. Firewall rules can be configured to limit outbound connections from the Ranger UI to only necessary internal services. Regularly review Ranger's access control policies to ensure they are appropriately configured and minimize the potential impact of a successful SSRF attack. After upgrade, confirm the vulnerability is resolved by attempting to access an internal resource through the Edit Service Page and verifying that the request is denied.
Upgrade Apache Ranger to version 2.5.0 or later. This release fixes the SSRF vulnerability in the Edit Service page. Upgrading mitigates the risk of attackers exploiting this vulnerability to make unauthorized requests from the server.
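To check a build's declared dependencies against the fixed release, the following is an added example (not from this advisory or the Apache Ranger project) that scans a Maven pom.xml for org.apache.ranger artifacts below 2.5.0. The pom content is constructed for illustration, and the property resolution and version parsing are simplified assumptions: pre-release suffixes are ignored and parent-POM inheritance is not followed.

```python
"""Flag org.apache.ranger dependencies below the CVE-2024-45479 fix release (2.5.0). Added example, not advisory code."""
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = "2.5.0"          # fix release named in the advisory
AFFECTED_GROUP = "org.apache.ranger"

# Constructed sample pom.xml for demonstration; not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><ranger.version>2.4.0</ranger.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.ranger</groupId><artifactId>ranger-plugins-common</artifactId><version>${ranger.version}</version></dependency>
    <dependency><groupId>org.apache.ranger</groupId><artifactId>ranger-admin</artifactId><version>2.5.0</version></dependency>
    <dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>1.7.36</version></dependency>
  </dependencies>
</project>"""

def parse_version(v):
    """Turn '2.4.0' or '2.5.0-SNAPSHOT' into a comparable tuple of ints (pre-release suffix ignored; an assumption)."""
    core = re.match(r"\d+(?:\.\d+)*", v)
    if not core:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in core.group(0).split("."))

def is_affected(version):
    """True when the version is below the fix release 2.5.0 (i.e. 2.4.0 and earlier)."""
    return parse_version(version) < parse_version(FIXED_VERSION)

def find_affected(pom_xml):
    """Return [(artifactId, resolved version)] for org.apache.ranger dependencies below 2.5.0."""
    ns = {"m": "http://maven.apache.org/POM/4.0.0"}
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[1]: (p.text or "") for p in root.findall("m:properties/*", ns)}
    hits = []
    for dep in root.findall(".//m:dependency", ns):
        group = dep.findtext("m:groupId", default="", namespaces=ns)
        if group != AFFECTED_GROUP:
            continue
        artifact = dep.findtext("m:artifactId", default="", namespaces=ns)
        version = dep.findtext("m:version", default="", namespaces=ns)
        # Resolve ${property} references declared in <properties>; unknown ones are left as-is.
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), version)
        if version and is_affected(version):
            hits.append((artifact, version))
    return hits

if __name__ == "__main__":
    for artifact, version in find_affected(SAMPLE_POM):
        print(f"AFFECTED: {AFFECTED_GROUP}:{artifact}:{version} (fixed in {FIXED_VERSION})")
```

Run it against a real pom.xml by reading the file into find_affected; a non-empty result means the build still pulls a Ranger artifact from the affected range.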
CVE-2024-45479 is a critical SSRF vulnerability affecting Apache Ranger UI versions up to 2.4.0, allowing attackers to potentially access internal resources.
Yes, if you are running Apache Ranger version 2.4.0 or earlier, you are vulnerable to this SSRF vulnerability.
Upgrade Apache Ranger to version 2.5.0 or later to resolve the vulnerability. Consider temporary workarounds like restricting network access if immediate upgrade is not possible.
While no public exploits are currently known, the SSRF nature of the vulnerability suggests potential for exploitation.
Refer to the Apache Ranger security advisories on the Apache project website for the latest information and updates.