Description
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/09/02/2
https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E
https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E
https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999%40%3Cusers.zeppelin.apache.org%3E
https://security.gentoo.org/glsa/202311-04
Related Vulnerabilities
CVE-2022-21676 Vulnerability in npm package engine.io
CVE-2022-25645 Vulnerability in maven package org.webjars.npm:dset
CVE-2022-45401 Vulnerability in maven package org.jenkinsci.plugins:associated-files
CVE-2019-13506 Vulnerability in npm package @nuxtjs/devalue
CVE-2022-1291 Vulnerability in maven package org.webjars.npm:tableexport.jquery.plugin