Description
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
Remediation
References
http://www.securityfocus.com/bid/94221
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
Related Vulnerabilities
CVE-2019-10416 Vulnerability in maven package org.jenkins-ci.plugins:violation-comments-to-gitlab
CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-beam-sql
CVE-2020-6831 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-26884 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-server
CVE-2016-8745 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core