Lucene search
GitHub Advisory DatabaseGHSA-GM67-H5WR-W3CVHistoryJul 06, 2023 - 7:24 p.m.
Apache Zeppelin Improper Input Validation vulnerability
2023-07-0619:24:05
CWE-20
GitHub Advisory Database
github.com
12
apache zeppelin
input validation
vulnerability
move folder to trash
arbitrary files
software
version 0.9.0
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS
0.002
Percentile
53.1%
The improper Input Validation vulnerability in Move folder to Trash feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Affected configurations
Node
org.apache.zeppelinzeppelinRange<0.10.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.apache.zeppelin | zeppelin | * | cpe:2.3:a:org.apache.zeppelin:zeppelin:*:*:*:*:*:*:*:* |
Related
osv
osv
Apache Zeppelin Improper Input Validation vulnerability
2023-07-06 19:24:05
CVE-2021-28655
2022-12-16 13:15:08
cvelist
cvelist
CVE-2021-28655 Apache Zeppelin: Arbitrary file deletion vulnerability
2022-12-16 12:51:51
prion
prion
Input validation
2022-12-16 13:15:00
nvd
nvd
CVE-2021-28655
2022-12-16 13:15:08
veracode
veracode
Arbitrary File Deletion
2022-12-19 01:14:46
cnvd
cnvd
Apache Zeppelin input validation error vulnerability
2022-12-20 00:00:00
cve
cve
CVE-2021-28655
2022-12-16 13:15:08
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS
0.002
Percentile
53.1%
Related for GHSA-GM67-H5WR-W3CV