Lucene search
ApacheVULNRICHMENT:CVE-2024-31865HistoryApr 09, 2024 - 4:07 p.m.
CVE-2024-31865 Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
2024-04-0916:07:36
CWE-20
apache
github.com
1
apache zeppelin
input validation
cron api
improper privileges
cve-2024-31865
upgrade
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:zeppelin:0.8.2:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "zeppelin",
"versions": [
{
"status": "affected",
"version": "0.8.2"
}
],
"defaultStatus": "unknown"
}
]Related
cve
cve
CVE-2024-31865
2024-04-09 16:15:08
nvd
nvd
CVE-2024-31865
2024-04-09 16:15:08
osv
osv
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
2024-04-09 18:30:22
cvelist
cvelist
github
github
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
2024-04-09 18:30:22
cnvd
cnvd
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17936)
2024-04-11 00:00:00
veracode
veracode
Improper Input Validation
2024-04-12 17:42:25
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-31865