Lucene search
China National Vulnerability DatabaseCNVD-2024-17936HistoryApr 11, 2024 - 12:00 a.m.
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17936)
2024-04-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
apache zeppelin
web-based application
open source
data analysis
documentation
input validation
vulnerability
attacker
api
privilege calls
Apache Zeppelin is a Web-based open source laptop application from the Apache (USA) Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin has an input validation error vulnerability that can be exploited by an attacker to update the cron API using invalid or incorrect privilege calls.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache zeppelin >=0.8.2, | lt | 0.11.1 |
Related
cve
cve
CVE-2024-31865
2024-04-09 16:15:08
nvd
nvd
CVE-2024-31865
2024-04-09 16:15:08
osv
osv
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
2024-04-09 18:30:22
cvelist
cvelist
github
github
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
2024-04-09 18:30:22
veracode
veracode
Improper Input Validation
2024-04-12 17:42:25