Authentication Bypass by Spoofing vulnerability in Apache Zeppelin
CVE-2024-31863

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Zeppelin
Vendor: CVE Published:; 9 April 2024

Summary

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.

Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Affected Version(s)

Apache Zeppelin 0.10.1 < 0.11.0

References

https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8...

vendor-advisory

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Apr 6, 2024

Credit

Esa Hiltunen

https://teragrep.com