CVE-2024-31865

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-31865
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31865.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-31865
Aliases
Published
2024-04-09T16:15:08Z
Modified
2025-02-18T19:52:40Z
Summary
[none]
Details

Improper Input Validation vulnerability in Apache Zeppelin.

The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges.

This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.

Users are recommended to upgrade to version 0.11.1, which fixes the issue.

References

Affected packages

Git / github.com/apache/zeppelin

Affected ranges

Type
GIT
Repo
https://github.com/apache/zeppelin
Events
Introduced
64f8baec7ca4e86bd88893415e07a8a0f1d133e7
Fixed
4419b4deeac67c0c7a1aeff388fa18ad6a086ddf