Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Moderate severity
GitHub Reviewed
Published
Apr 9, 2024
to the GitHub Advisory Database
•
Updated Feb 11, 2025
Package
Affected versions
>= 0.10.1, < 0.11.0
Patched versions
0.11.0
Description
Published by the National Vulnerability Database
Apr 9, 2024
Published to the GitHub Advisory Database
Apr 9, 2024
Reviewed
Apr 9, 2024
Last updated
Feb 11, 2025
Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
References