7 matches found
CVE-2022-46870
CVE-2022-46870 is a cross-site scripting (XSS) vulnerability in Apache Zeppelin up to version 0.8.2. The issue stems from improper neutralization of input during web page generation, allowing logged-in users to execute arbitrary JavaScript in other users’ browsers. Affected product:...
CVE-2018-1328
CVE-2018-1328 affects Apache Zeppelin prior to 0.8.0, where a stored XSS flaw exists via Note permissions. The root cause is unsanitized input in Note handling that can trigger script execution. Impact is user-facing XSS; remediation is upgrading Zeppelin to 0.8.0 or later (or applying equivalent...
CVE-2018-1317
CVE-2018-1317 affects Apache Zeppelin prior to 0.8.0, where the cron scheduler was enabled by default. This could allow users to run paragraphs as other users without authentication, constituting an authentication bypass. The documented remediation is to upgrade to Zeppelin 0.8.0 or later, which ...
CVE-2024-31864
CVE-2024-31864 affects Apache Zeppelin prior to 0.11.1, enabling code injection when establishing a MySQL JDBC connection. The issue is described as improper control of generation of code, with a CVSS v3.1 base score of 9.8 (Network, HIGH impact on confidentiality, integrity, and availability). T...
CVE-2021-27578
CVE-2021-27578 is a cross-site scripting (XSS) vulnerability in the Markdown interpreter of Apache Zeppelin. Affected product: Apache Zeppelin (web-based notebook). Affected version: prior to 0.9.0. Root cause: XSS in the Markdown interpreter that allows an attacker to inject malicious scripts. Impact:...
CVE-2017-12619
CVE-2017-12619 affects Apache Zeppelin prior to 0.7.3, where a session fixation flaw could allow an attacker to hijack a valid user session. The issue is documented across multiple sources (NVD entry for CVE-2017-12619 and OSV/GHSA advisories) and is commonly described as a session fixation vulne...
CVE-2024-41177
CVE-2024-41177 affects Apache Zeppelin (Helium module) up to version 0.12.0. The issue is an Incomplete Blacklist to Cross-Site Scripting vulnerability in the Helium module, allowing XSS via insufficient input validation. The recommended remediation is to upgrade org.apache.zeppelin:zeppelin-web ...