Description
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
Remediation
References
http://www.securityfocus.com/bid/94221
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
Related Vulnerabilities
CVE-2022-43183 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2022-37264 Vulnerability in npm package steal
CVE-2023-47327 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2021-26118 Vulnerability in maven package org.apache.activemq:artemis-openwire-protocol
CVE-2020-28471 Vulnerability in npm package properties-reader