Esa Hiltunen

**Name of the Vulnerable Software and Affected Versions** Apache Zeppelin versions 0.10.1 through 0.10.x (before 0.11.0) **Description** The issue is related to an Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. Users are recommended to upgrade to a fixed version. **Recommendations** For Apache Zeppelin versions 0.10.1 through 0.10.x, upgrade to version 0.11.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Zeppelin versions 0.10.1 through 0.10.x before 0.11.0 Apache Zeppelin version 0.10.1 is not the only version affected, the issue affects all versions prior to 0.11.0. Therefore, the correct representation is: Apache Zeppelin versions prior to 0.11.0 **Description** The issue is an Authentication Bypass by Spoofing vulnerability, which can be exploited by replacing existing notes in Apache Zeppelin. **Recommendations** For versions prior to 0.11.0, upgrade to version 0.11.0, which fixes the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Zeppelin versions 0.8.2 through 0.11.0 **Description** The issue is related to improper input validation, allowing attackers to call the updating cron API with invalid or improper privileges. This enables the notebook to run with elevated privileges. **Recommendations** For Apache Zeppelin versions 0.8.2 through 0.11.0, upgrade to version 0.11.1 to fix the issue. As a temporary workaround, consider restricting access to the updating cron API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Zeppelin versions 0.8.2 through 0.11.0 **Description** The issue is related to improper encoding or escaping of output, allowing attackers to execute shell scripts or malicious code by overriding configuration like `ZEPPELIN INTP CLASSPATH OVERRIDES`. **Recommendations** For Apache Zeppelin versions 0.8.2 through 0.11.0, upgrade to version 0.11.1, which fixes the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Hadoop versions 3.3.1 through 3.3.4 **Description** The issue is related to the use of an unreliable path search in the Apache Hadoop platform, which can allow a remote attacker to execute commands with root privileges. The vulnerability is due to a change in the library loading path for the container-executor binary, which can be exploited by a user with reduced privileges to install a malicious library and have it executed as root. If the YARN cluster is accepting work from remote authenticated users, this may permit remote users to gain root privileges. **Recommendations** For Apache Hadoop versions 3.3.1 through 3.3.4, update to version 3.3.5 or later, which includes the patch to revert the change that introduced the vulnerability. To determine whether a version of container-executor is vulnerable, use the readelf command to check the RUNPATH or RPATH value. If the value contains the relative path "./lib/native/", the version is at risk. To mitigate the issue, ensure that the owner of the container-executor binary is not root and the suid bit is not set.