CVE-2024-45478

CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input

Vendor Apache Software Foundation

Product Apache Ranger

Weakness CWE-79 · XSS

Published January 21, 2025

Last update June 10, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

Key dates

Disclosure timeline

January 21, 2025 CVE published

June 10, 2025 Record updated