Details
- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
Description
The static configuration variable RangerCSRFPreventionFilter.IS_CSRF_ENABLED is public, meaning that a malicious application running in the same JVM as Ranger could disable CSRF protection. It should be private instead.
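
The exposure described above, shown as an added example that is not Ranger's own code: `ExposedFilter`, `HardenedFilter`, `loadSetting` and `writableStaticFields` are hypothetical names, and only the field name `IS_CSRF_ENABLED` comes from the report. It places the public flag beside a private final one and uses reflection to list static fields that other classes in the JVM can reassign.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class StaticFlagAudit {

    // Stand-in for the pattern in the report: the flag is public and mutable,
    // so any class that can see this type can assign to it.
    static class ExposedFilter {
        public static boolean IS_CSRF_ENABLED = true;
    }

    // Hardened form: private and final, readable only through a getter.
    static class HardenedFilter {
        private static final boolean IS_CSRF_ENABLED = loadSetting();

        private static boolean loadSetting() {
            // Assumption: the real value would be read from configuration.
            return true;
        }

        public static boolean isCsrfEnabled() {
            return IS_CSRF_ENABLED;
        }
    }

    // Names of static fields that are public and not final, i.e. fields
    // that code outside the class can overwrite with a plain assignment.
    static List<String> writableStaticFields(Class<?> type) {
        List<String> names = new ArrayList<>();
        for (Field f : type.getDeclaredFields()) {
            int m = f.getModifiers();
            if (Modifier.isStatic(m) && Modifier.isPublic(m) && !Modifier.isFinal(m)) {
                names.add(f.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        ExposedFilter.IS_CSRF_ENABLED = false; // compiles; the check is now off
        System.out.println("exposed flag: " + ExposedFilter.IS_CSRF_ENABLED);
        System.out.println("exposed:  " + writableStaticFields(ExposedFilter.class));
        System.out.println("hardened: " + writableStaticFields(HardenedFilter.class));
    }
}
```

Code in the same JVM that is allowed to call `setAccessible` can still reach a private field through reflection, so the private modifier removes the plain-assignment path rather than creating a trust boundary.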