Lucene search
ApacheCVELIST:CVE-2024-31865HistoryApr 09, 2024 - 4:07 p.m.
CVE-2024-31865 Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
2024-04-0916:07:36
CWE-20
apache
www.cve.org
4
apache zeppelin
input validation
cron api
improper privileges
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CNA Affected
[
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.zeppelin:zeppelin-server",
"product": "Apache Zeppelin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "0.11.1",
"status": "affected",
"version": "0.8.2",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2024-31865
2024-04-09 16:15:08
nvd
nvd
CVE-2024-31865
2024-04-09 16:15:08
vulnrichment
vulnrichment
osv
osv
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
2024-04-09 18:30:22
github
github
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
2024-04-09 18:30:22
cnvd
cnvd
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17936)
2024-04-11 00:00:00
veracode
veracode
Improper Input Validation
2024-04-12 17:42:25