Zeppelin Security Vulnerabilities and Issues — Zeppelin CVE List

Lucene search

ApacheZeppelin

10 matches found

CVE•added 2024/04/09 4:15 p.m.•86 views

CVE-2024-31865

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1...

6.5CVSS6.5AI score0.00465EPSS

CVE•added 2024/04/09 11:15 a.m.•77 views

CVE-2024-31863

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

5.3CVSS5.2AI score0.00142EPSS

CVE•added 2024/04/09 9:15 a.m.•70 views

CVE-2024-31860

Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade t...

6.5CVSS6.4AI score0.00403EPSS

CVE•added 2024/04/09 10:15 a.m.•69 views

CVE-2022-47894

Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to ...

5.3CVSS5.3AI score0.00216EPSS

CVE•added 2024/04/09 10:15 a.m.•67 views

CVE-2024-31862

Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

5.3CVSS5.2AI score0.00215EPSS

CVE•added 2024/04/09 4:15 p.m.•67 views

CVE-2024-31864

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver.This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version...

9.8CVSS9.6AI score0.01251EPSS

CVE•added 2024/04/09 10:15 a.m.•52 views

CVE-2021-28656

Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

5.4CVSS5.4AI score0.00937EPSS

CVE•added 2024/04/09 5:16 p.m.•52 views

CVE-2024-31867

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes th...

6.5CVSS6.5AI score0.00913EPSS

CVE•added 2024/04/09 4:15 p.m.•49 views

CVE-2024-31868

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

6.1CVSS6AI score0.00618EPSS

CVE•added 2024/04/09 4:15 p.m.•48 views

CVE-2024-31866

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES.This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to ve...

9.8CVSS9.7AI score0.00842EPSS