Improper Input Validation vulnerability in Apache Zeppelin.
The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-04-09T16:07:36.358Z
Updated: 2024-08-02T01:59:49.913Z
Reserved: 2024-04-06T11:50:47.384Z
Link: CVE-2024-31865
Vulnrichment
Updated: 2024-04-22T18:48:29.121Z
NVD
Status : Awaiting Analysis
Published: 2024-04-09T16:15:08.213
Modified: 2024-11-21T09:14:02.953
Link: CVE-2024-31865
Redhat
No data.