CVE-2024-45479
Published: 21 January 2025
Summary
CVE-2024-45479 is a critical-severity SSRF (CWE-918) vulnerability in Apache Ranger. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-45479 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting the Edit Service Page of the Apache Ranger UI in Apache Ranger version 2.4.0. This flaw allows attackers to manipulate server-side requests, potentially leading to unauthorized access to internal resources. The vulnerability carries a CVSS v3.1 base score of 9.1 (Critical), reflecting its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality and integrity with no availability disruption.
Any unauthenticated attacker with network access can exploit this vulnerability by interacting with the affected Edit Service Page in the Apache Ranger UI. Successful exploitation enables high confidentiality impact, such as reading sensitive internal data or services not directly accessible externally, and high integrity impact, potentially allowing modification of targeted resources through forged requests, without affecting system availability.
Apache advisories recommend upgrading to Apache Ranger version 2.5.0, which resolves this issue. Additional details are available in the Apache Ranger vulnerabilities wiki at https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger and the oss-security mailing list announcement at http://www.openwall.com/lists/oss-security/2025/01/21/4.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-0161
Vulnerability details
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF in public-facing Ranger UI directly enables T1190 exploitation; forged requests facilitate internal network/service probing (T1046).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the SSRF vulnerability by identifying, reporting, and applying the vendor-recommended patch to upgrade Apache Ranger from 2.4.0 to 2.5.0.
Prevents SSRF exploitation by validating user inputs to the Edit Service Page in Apache Ranger UI, blocking malicious URLs or parameters that trigger unauthorized server-side requests.
Mitigates SSRF impact by monitoring and controlling communications at boundaries, isolating the publicly accessible Apache Ranger UI from internal networks to block access to sensitive resources.