Description

The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Remediation

References

https://lists.apache.org/thread/bxs056g3xlsofz0jb3wny9dw4llwptd2

Related Vulnerabilities

CVE-2019-0201 Vulnerability in maven package org.apache.zookeeper:zookeeper

CVE-2020-2301 Vulnerability in maven package org.jenkins-ci.plugins:active-directory

CVE-2019-1003073 Vulnerability in maven package org.jenkins-ci.plugins:vsts-cd

CVE-2020-11023 Vulnerability in maven package org.webjars.bower:jquery

CVE-2020-2167 Vulnerability in maven package com.openshift.jenkins:openshift-pipeline

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Tags

Mailing List Vendor Advisory NVD-CWE-noinfo