Authentication Bypass by Spoofing vulnerability in Apache Zeppelin
CVE-2024-31863

5.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Zeppelin
Vendor: CVE Published:; 9 April 2024

Summary

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.

Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Affected Version(s)

Apache Zeppelin 0.10.1 < 0.11.0

References

https://lists.apache.org/thread/3od2gfpwllmtc9c5ggw04ohn8...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/04/09/6

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Apr 6, 2024

Credit

Esa Hiltunen

https://teragrep.com