Lucene search
China National Vulnerability DatabaseCNVD-2024-17932HistoryApr 11, 2024 - 12:00 a.m.
Apache Zeppelin Security Bypass Vulnerability
2024-04-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
apache zeppelin
full bypass vulnerability
authentication bypass
attacker
apache foundation
open source
web-based
data analysis
collaborative documentation
annotations
cnvd
Apache Zeppelin is a Web-based open source laptop application from the Apache (USA) Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a full bypass vulnerability that can be exploited by an attacker to bypass authentication by replacing existing annotations in Apache Zeppelin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache zeppelin >=0.10.1, | lt | 0.11.0 |
Related
veracode
veracode
Authentication Bypass
2024-04-10 08:49:27
cve
cve
CVE-2024-31863
2024-04-09 11:15:31
cvelist
cvelist
osv
osv
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
2024-04-09 12:30:47
github
github
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
2024-04-09 12:30:47