{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "0.4.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.5.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.5.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.5.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.5.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "0.6.1" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "0.6.2" } ] }, "events": [ { "introduced": "0" }, { "fixed": "167a382b4d86d4aaee44f1877a6aea36784221ca" } ], "repo": "https://github.com/apache/ranger", "type": "GIT" } ] } ], "details": "In Apache Ranger before 0.6.2, users with \"keyadmin\" role should not be allowed to change password for users with \"admin\" role.", "id": "CVE-2016-6815", "modified": "2026-03-15T13:46:36.112862510Z", "published": "2017-10-13T14:29:00.207Z", "references": [ { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/94221" }, { "type": "ADVISORY", "url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }