Full title: Apache Ranger 0.5.x / 0.6.x / 0.7.0 Policy Miss / Permission Check Vulnerability 
Category: local exploits
Platform: multiple
Apache Ranger versions prior to 0.7.1 suffer from issues where policy evaluation ignores characters after the asterisk wildcard character and the Hive Authorizer fails to check for RWX permission when an external location is specified.

# 0day.today @ http://0day.today/