Description
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/09/02/2
https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r768800925d6407a6a87ccae0ec98776b7bda50c0e3ed3d0130dad028%40%3Cusers.zeppelin.apache.org%3E
https://lists.apache.org/thread.html/r99529e175a7c1c9a26bd41a02802c8af7aa97319fe561874627eb999%40%3Cusers.zeppelin.apache.org%3E
https://security.gentoo.org/glsa/202311-04
Related Vulnerabilities
CVE-2016-9299 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-21345 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2023-3691 Vulnerability in maven package org.webjars:layui
CVE-2020-7700 Vulnerability in npm package phpjs
CVE-2022-36904 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector