[jira] [Closed] (RANGER-4421) Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080

Sanket Shelar (Jira) Sat, 18 Oct 2025 15:05:00 -0700


     [ 
https://issues.apache.org/jira/browse/RANGER-4421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sanket Shelar closed RANGER-4421.
---------------------------------

> Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080
> --------------------------------------------------------------
>
>                 Key: RANGER-4421
>                 URL: https://issues.apache.org/jira/browse/RANGER-4421
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>            Reporter: Sanket Shelar
>            Assignee: Sanket Shelar
>            Priority: Major
>             Fix For: 3.0.0, 2.5.0
>
>         Attachments: 0001-RANGER-4421.patch
>
>
> URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM 
> authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 
> 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 
> through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to 
> the ROOT (default) web application.
> CVSSv3 Score:- 6.1(Medium)
> [https://nvd.nist.gov/vuln/detail/CVE-2023-41080]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Closed] (RANGER-4421) Ranger - Upgrade Tomcat to 8.5.93/9.0.80 due to CVE-2023-41080

Reply via email to