CVE-2020-13929 – org.apache.zeppelin:zeppelin

Package

Manager: maven
Name: org.apache.zeppelin:zeppelin
Vulnerable Version: >=0 <0.10.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.001 pctl0.28295

Details

Authentication bypass in Apache Zeppelin Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Metadata

Created: 2021-09-07T22:56:56Z
Modified: 2021-09-13T20:32:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-87p2-cvhq-q4mv/GHSA-87p2-cvhq-q4mv.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-87p2-cvhq-q4mv
Finding: F006
Auto approve: 1