Medium severity6.5NVD Advisory· Published Oct 13, 2017· Updated May 13, 2026
CVE-2016-6815
CVE-2016-6815
Description
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.ranger:rangerMaven | < 0.6.2 | 0.6.2 |
Affected products
8cpe:2.3:a:apache:ranger:0.4.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:apache:ranger:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ranger:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ranger:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ranger:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ranger:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ranger:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:ranger:0.6.1:*:*:*:*:*:*:*
- Apache Software Foundation/Apache Rangerv5Range: 0.5.x
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.securityfocus.com/bid/94221nvdThird Party AdvisoryVDB EntryWEB
- cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+RangernvdVendor AdvisoryWEB
- github.com/advisories/GHSA-vhxc-8jjq-859jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-6815ghsaADVISORY
News mentions
0No linked articles in our index yet.