
apache zeppelin

22 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-51775
>= 0.11.0 and < 0.12.0
Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from anot
CVSS 5.3 MEDIUM
CVE-2024-52279
>= 0.11.1 and < 0.12.0
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for
CVSS 5.3 MEDIUM
CVE-2024-41177
< 0.12.0
Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0.
CVSS 6.1 MEDIUM
CVE-2024-41169
>= 0.10.1 and < 0.12.0
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including di
CVSS 7.5 HIGH
CVE-2024-31867
>= 0.8.2 and < 0.11.1
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper confi
CVSS 6.5 MEDIUM
CVE-2024-31868
>= 0.8.2 and < 0.11.1
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS a
CVSS 6.1 MEDIUM
CVE-2024-31866
>= 0.8.2 and < 0.11.1
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious co
CVSS 9.8 CRITICAL
CVE-2024-31865
>= 0.8.2 and < 0.11.1
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper pri
CVSS 6.5 MEDIUM
CVE-2024-31864
< 0.11.1
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive con
CVSS 9.8 CRITICAL
CVE-2024-31863
all versions
Authentication Bypass by Spoofing vulnerability by replacing existing notes in Apache Zeppelin. This issue affects Apache Zeppel
CVSS 5.3 MEDIUM
CVE-2024-31862
>= 0.10.1 and < 0.11.0
Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Z
CVSS 5.3 MEDIUM
CVE-2022-47894
>= 0.8.0 and < 0.11.0
Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0.
CVSS 5.3 MEDIUM
CVE-2021-28656
<= 0.9.0
Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious reque
CVSS 5.4 MEDIUM
CVE-2024-31860
>= 0.9.0 and < 0.11.0
Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators (e.g. ..), attackers can see the con
CVSS 6.5 MEDIUM
CVE-2022-46870
< 0.8.2
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Zeppelin allows lo
CVSS 5.4 MEDIUM
CVE-2021-28655
<= 0.9.0
The Improper Input Validation vulnerability in the "Move folder to Trash" feature of Apache Zeppelin allows an attacker to delete
CVSS 6.5 MEDIUM
CVE-2021-27578
< 0.9.0
Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This
CVSS 6.1 MEDIUM
CVE-2020-13929
<= 0.9.0
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as an
CVSS 7.5 HIGH
CVE-2019-10095
<= 0.9.0
Bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settin
CVSS 9.8 CRITICAL
CVE-2018-1328
< 0.8.0
Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph".
CVSS 6.1 MEDIUM
CVE-2018-1317
< 0.8.0
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users
CVSS 8.8 HIGH
CVE-2017-12619
< 0.7.3
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue
CVSS 8.1 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin