Vulnerabilities for Zeppelin (...) - CXSECURITY.COM

Vulnerabilities for 'Zeppelin'

2021-09-02

CVE-2020-13929

CWE-287

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

CVE-2021-27578

CWE-79

Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin Apache Zeppelin versions prior to 0.9.0.

2019-04-23

CVE-2018-1328

CWE-79

Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph".

CVE-2018-1317

CWE-287

In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.

CVE-2017-12619

CWE-384

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".

>>> Vendor: Apache 247 Products

Mod auth radius

Coyote http connector

Open for business project

Tomcat jk web server connector

Myfaces tomahawk

Apache webserver

Apache http server

Portable runtime

Apache commons daemon

Http server2.0a1

Http server2.0a2

Http server2.0a3

Http server2.0a4

Http server2.0a5

Http server2.0a6

Http server2.0a7

Http server2.0a8

Http server2.0a9

Commons-compress

Org.apache.sling.servlets.post

Commons-httpclient

Commons fileupload

Struts2-showcase

Xml security for c++

Xml security for java

Sling auth core component

Httpasyncclient

Mod auth mellon

Santuario xml security for java

Standard taglibs

See all Products for Vendor Apache

Copyright 2024, cxsecurity.com