Zeppelin@0.8.2 Security Vulnerabilities and Issues — Zeppelin@0.8.2 CVE List

Lucene search

ApacheZeppelin0.8.2

4 matches found

CVE•added 2024/04/09 4:15 p.m.•87 views

CVE-2024-31865

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1...

6.5CVSS6.5AI score0.00631EPSS

CVE•added 2024/04/09 5:16 p.m.•53 views

CVE-2024-31867

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes th...

6.5CVSS6.5AI score0.01236EPSS

CVE•added 2024/04/09 4:15 p.m.•50 views

CVE-2024-31866

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to ve...

9.8CVSS9.7AI score0.0114EPSS

CVE•added 2024/04/09 4:15 p.m.•50 views

CVE-2024-31868

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

6.1CVSS6AI score0.00837EPSS