Missing Origin Validation Vulnerability in Apache Zeppelin by Apache
CVE-2024-51775
5.3MEDIUM
What is CVE-2024-51775?
A vulnerability has been identified in Apache Zeppelin due to missing origin validation in WebSockets. This flaw allows an attacker to access the Zeppelin server from unauthorized origins, potentially exposing sensitive internal information about paragraphs. The affected versions include Apache Zeppelin from 0.11.1 to prior to 0.12.0. It is highly recommended for users to upgrade to version 0.12.0, which includes a fix addressing this security concern.
Affected Version(s)
Apache Zeppelin 0.11.1 < 0.12.0