Zeppelin Security Vulnerabilities and Issues — Zeppelin CVE List

Lucene search

ApacheZeppelin

3 matches found

CVE•added 2019/04/23 3:29 p.m.•74 views

CVE-2018-1328

Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph".

6.1CVSS5.8AI score0.0126EPSS

CVE•added 2019/04/23 3:29 p.m.•67 views

CVE-2018-1317

In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.

8.8CVSS8.6AI score0.03656EPSS

CVE•added 2019/04/23 3:29 p.m.•66 views

CVE-2017-12619

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".

8.1CVSS7.9AI score0.00986EPSS