org.apache.zeppelin:zeppelin-server (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.zeppelin:zeppelin-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2024-41169 — CVSS 7.5 (high): The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories…
CVE-2024-31860 — CVSS 6.5 (medium): Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for…
CVE-2024-31865 — CVSS 6.5 (medium): Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so…
CVE-2024-31867 — CVSS 6.5 (medium): Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration…
CVE-2024-31862 — CVSS 5.3 (medium): Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin…
CVE-2024-31863 — CVSS 5.3 (medium): Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from…