PT-2024-24251 · Apache · Apache Zeppelin

Esa Hiltunen · Published 2024-04-09 · Updated 2025-03-25 · CVE-2024-31863

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache Zeppelin versions prior to 0.11.0. Version 0.10.1 is not the only version affected; the issue affects all versions prior to 0.11.0.

Description

The issue is an Authentication Bypass by Spoofing vulnerability, which can be exploited by replacing existing notes in Apache Zeppelin.

Recommendations

For versions prior to 0.11.0, upgrade to version 0.11.0, which fixes the issue.

Fix

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

CVE-2024-31863
GHSA-M65C-WMW9-VMPP

Affected Products

Apache Zeppelin