7. Common Vulnerabilities and Exposures

  • CVE-2015-5167: Restrict REST API data access for non-admin users

    Severity: Important

    Vendor: Hortonworks

    Versions Affected: All HDP 2.3.x releases prior to 2.3.2

    Users Affected: All users of the Ranger policy admin tool.

    Impact: See BUG-41604 and RANGER-630. Data access restrictions applied via the REST API are not consistent with the restrictions in the policy admin UI. By calling the REST API, non-admin users can access some Ranger data that is restricted to admin users.

    Recommended Action: Upgrade to HDP 2.3.2+.