cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-31867,https://securityvulnerability.io/vulnerability/CVE-2024-31867,Apache Zeppelin: LDAP search filter query Injection Vulnerability,"Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.",Apache,Apache Zeppelin,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-09T16:15:47.978Z,0
CVE-2024-31868,https://securityvulnerability.io/vulnerability/CVE-2024-31868,Apache Zeppelin: XSS vulnerability in the helium module,"Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and expose XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.",Apache,Apache Zeppelin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-09T16:10:30.671Z,0
CVE-2024-31866,https://securityvulnerability.io/vulnerability/CVE-2024-31866,Apache Zeppelin: Interpreter download command does not escape malicious code injection,"Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.",Apache,Apache Zeppelin,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-09T16:09:12.117Z,0
CVE-2024-31865,https://securityvulnerability.io/vulnerability/CVE-2024-31865,Apache Zeppelin: Cron arbitrary user impersonation with improper privileges,"Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call the cron update API with invalid or improper privileges so that the notebook can run with those privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.",Apache,Apache Zeppelin,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-09T16:07:36.358Z,0
CVE-2024-31864,https://securityvulnerability.io/vulnerability/CVE-2024-31864,Apache Zeppelin: Remote code execution by adding malicious JDBC connection string,"Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting to a MySQL database via the JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.",Apache,Apache Zeppelin,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-09T16:05:32.690Z,0
CVE-2024-31863,https://securityvulnerability.io/vulnerability/CVE-2024-31863,Authentication Bypass by Spoofing vulnerability in Apache Zeppelin,"Authentication Bypass by Spoofing vulnerability by replacing existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.",Apache,Apache Zeppelin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-09T10:25:29.449Z,0
CVE-2024-31862,https://securityvulnerability.io/vulnerability/CVE-2024-31862,Improper Input Validation vulnerability in Apache Zeppelin,"Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.",Apache,Apache Zeppelin,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-09T09:40:39.495Z,0
CVE-2022-47894,https://securityvulnerability.io/vulnerability/CVE-2022-47894,Improper Input Validation Vulnerability Affects Apache Zeppelin SAP,"An improper input validation vulnerability exists in the Apache Zeppelin SAP component, impacting versions from 0.8.0 up to, but not including, 0.11.0. This issue arises due to insufficient checks on user input, which could lead to unintended behavior within the application. Since the Apache Zeppelin SAP project has been retired and is no longer maintained, no patches or updates will be released to address this vulnerability. Users are advised to either migrate to alternative solutions or limit access to the affected instances to only trusted users, thereby mitigating potential security risks.",Apache,Apache Zeppelin SAP,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-09T09:29:17.806Z,0
CVE-2021-28656,https://securityvulnerability.io/vulnerability/CVE-2021-28656,Apache Zeppelin CSRF Vulnerability Allows Malicious Request Submission,"A Cross-Site Request Forgery (CSRF) vulnerability exists in the credential management page of Apache Zeppelin. This vulnerability enables attackers to forge requests that compromise user credentials, potentially allowing unauthorized actions on the server. Users of Apache Zeppelin version 0.9.0 and earlier are particularly affected, as their systems may not adequately validate the authenticity of requests, leaving them open to exploitation. It is vital for organizations utilizing this product to implement security measures to safeguard against such attacks.",Apache,Apache Zeppelin,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-09T09:12:58.493Z,0
CVE-2024-31860,https://securityvulnerability.io/vulnerability/CVE-2024-31860,Attackers Can Access Contents of Files on Server with Improper Input Validation Vulnerability in Apache Zeppelin,"Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators (e.g. ..), attackers can see the contents of any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.",Apache,Apache Zeppelin,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-09T09:08:28.802Z,0
CVE-2022-46870,https://securityvulnerability.io/vulnerability/CVE-2022-46870,Apache Zeppelin: Stored XSS in note permissions,"An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows logged-in users to execute arbitrary JavaScript in other users' browsers. This issue affects Apache Zeppelin before 0.8.2. Users are recommended to upgrade to a supported version of Zeppelin.",Apache,Apache Zeppelin,5.4,MEDIUM,0.003819999983534217,false,,false,false,false,,,false,false,,2022-12-16T12:55:37.597Z,0
CVE-2021-28655,https://securityvulnerability.io/vulnerability/CVE-2021-28655,Apache Zeppelin: Arbitrary file deletion vulnerability,"The Improper Input Validation vulnerability in the ""Move folder to Trash"" feature of Apache Zeppelin allows an attacker to delete arbitrary files. This issue affects Apache Zeppelin version 0.9.0 and prior versions.",Apache,Apache Zeppelin,6.5,MEDIUM,0.0015699999639764428,false,,false,false,false,,,false,false,,2022-12-16T12:51:51.927Z,0
CVE-2020-13929,https://securityvulnerability.io/vulnerability/CVE-2020-13929,Notebook permissions bypass,Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass the Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.,Apache,Apache Zeppelin,7.5,HIGH,0.0032999999821186066,false,,false,false,false,,,false,false,,2021-09-02T00:00:00.000Z,0
CVE-2021-27578,https://securityvulnerability.io/vulnerability/CVE-2021-27578,Cross Site Scripting in markdown interpreter,Cross Site Scripting vulnerability in the markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin versions prior to 0.9.0.,Apache,Apache Zeppelin,6.1,MEDIUM,0.005249999929219484,false,,false,false,false,,,false,false,,2021-09-02T00:00:00.000Z,0
CVE-2019-10095,https://securityvulnerability.io/vulnerability/CVE-2019-10095,bash command injection in spark interpreter,bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions.,Apache,Apache Zeppelin,9.8,CRITICAL,0.01056000031530857,false,,false,false,false,,,false,false,,2021-09-02T00:00:00.000Z,0
CVE-2018-1328,https://securityvulnerability.io/vulnerability/CVE-2018-1328,,"Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by ""Josna Joseph"".",Apache,Apache Zeppelin,6.1,MEDIUM,0.003640000009909272,false,,false,false,false,,,false,false,,2019-04-23T14:45:24.000Z,0
CVE-2018-1317,https://securityvulnerability.io/vulnerability/CVE-2018-1317,,In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.,Apache,Apache Zeppelin,8.8,HIGH,0.002360000042244792,false,,false,false,false,,,false,false,,2019-04-23T14:45:20.000Z,0
CVE-2017-12619,https://securityvulnerability.io/vulnerability/CVE-2017-12619,,"Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation, which allowed an attacker to hijack a valid user session. Issue was reported by ""stone lone"".",Apache,Apache Zeppelin,8.1,HIGH,0.0017999999690800905,false,,false,false,false,,,false,false,,2019-04-23T14:45:16.000Z,0