Zeppelin Security Vulnerabilities and Issues — Zeppelin CVE List

Lucene search

ApacheZeppelin

4 matches found

CVE•added 2021/09/02 5:15 p.m.•74 views

CVE-2020-13929

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

7.5CVSS7.7AI score0.0012EPSS

CVE•added 2025/07/12 5:15 p.m.•16 views

CVE-2024-41169

The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing ...

7.5CVSS6.7AI score0.00048EPSS

CVE•added 2025/08/03 10:15 a.m.•8 views

CVE-2024-52279

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.

7.5CVSS9.4AI score0.01251EPSS

CVE•added 2025/08/03 11:15 a.m.•5 views

CVE-2024-51775

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to...

7.5CVSS6.2AI score0.00043EPSS