CVE-2024-45479: Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost

[Velmurugan Periasamy <vel () apache org>]

Severity: moderate

Affected versions:

- Apache Ranger 2.4.0 before 2.5.0

Description:

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.
Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

Credit:

Gyujin (biz () web-us kr) (finder)

References:

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
https://ranger.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-45479