zeppelin-interpreter is vulnerable to privilege escalation. Lack of proper authentication mechanism allows an attacker to bypass of permissions and act as another user.
CPE | Name | Operator | Version |
---|---|---|---|
zeppelin: interpreter | le | 0.9.0 | |
zeppelin: interpreter | le | 0.9.0 |
www.openwall.com/lists/oss-security/2021/09/02/2
github.com/apache/zeppelin/commit/409235e8db2ac370eed22d73a67d0771e886f907
lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E
lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028@%3Cusers.zeppelin.apache.org%3E
lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999@%3Cusers.zeppelin.apache.org%3E