CVE update (CVE-2016-0735) - Fixed in Ranger 0.5.2
-----------------------------------------------------

CVE: CVE-2016-0735
Description: Ranger policy excludes flags processing
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: 0.5.0/0.5.1 versions of Apache Ranger
Users Affected: All users that use Ranger to authorize HBase, Hive, and Knox
Description: In some cases, an exclude policy at a resource-level can give the user access at its parent resource-level. For example, if a Hive policy excludes access for a user to a particular column, then such a user would be able to alter the name of that table. Due to this bug, the user is able to do the operation when an exclude policy is present at the column-level for that table.
Mitigation: Users should upgrade to Ranger 0.5.2.
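
As an added example (not part of the advisory and not Ranger's own code), this Python audit lists the enabled policies that set the excludes flag on a resource, together with the users and groups they name, so they can be reviewed on 0.5.0/0.5.1 deployments. It assumes the policies are available as a JSON array using the field names `resources`, `isExcludes` and `policyItems`; the sample data, service names and the function name `find_exclude_policies` are constructed for illustration.

```python
import json

# Constructed sample export (not real data). Assumes Ranger's policy JSON
# field names: resources/values/isExcludes, policyItems/users/groups/accesses.
SAMPLE_EXPORT = """[
 {"id": 1, "service": "hivedev", "name": "customers-no-ssn", "isEnabled": true,
  "resources": {"database": {"values": ["sales"], "isExcludes": false},
                "table": {"values": ["customers"], "isExcludes": false},
                "column": {"values": ["ssn"], "isExcludes": true}},
  "policyItems": [{"users": ["alice"], "groups": ["analysts"],
                   "accesses": [{"type": "select", "isAllowed": true}]}]},
 {"id": 2, "service": "hivedev", "name": "orders-all", "isEnabled": true,
  "resources": {"database": {"values": ["sales"], "isExcludes": false},
                "table": {"values": ["orders"], "isExcludes": false},
                "column": {"values": ["*"], "isExcludes": false}},
  "policyItems": [{"users": ["bob"], "groups": [],
                   "accesses": [{"type": "select", "isAllowed": true}]}]},
 {"id": 3, "service": "hbasedev", "name": "old-exclude", "isEnabled": false,
  "resources": {"table": {"values": ["t1"], "isExcludes": false},
                "column-family": {"values": ["cf"], "isExcludes": false},
                "column": {"values": ["secret"], "isExcludes": true}},
  "policyItems": [{"users": ["carol"], "groups": [], "accesses": []}]}
]"""


def find_exclude_policies(export_json):
    """Return one finding per enabled policy with isExcludes set on a resource."""
    findings = []
    for policy in json.loads(export_json):
        if not policy.get("isEnabled", True):
            continue  # disabled policies are not evaluated
        excluded = {level: res.get("values", [])
                    for level, res in policy.get("resources", {}).items()
                    if res.get("isExcludes")}
        if not excluded:
            continue
        users, groups = set(), set()
        for item in policy.get("policyItems", []):
            users.update(item.get("users", []))
            groups.update(item.get("groups", []))
        findings.append({"id": policy.get("id"), "service": policy.get("service"),
                         "name": policy.get("name"), "excluded": excluded,
                         "users": sorted(users), "groups": sorted(groups)})
    return findings


if __name__ == "__main__":
    for f in find_exclude_policies(SAMPLE_EXPORT):
        print(f"review policy {f['id']} ({f['service']}/{f['name']}): "
              f"excludes on {f['excluded']} for users={f['users']} groups={f['groups']}")
```

Each finding names a policy whose principals should be checked for unintended access at the parent resource level until the upgrade to 0.5.2 is in place.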