CVE-2017-12619

CWE-3844 documents4 sources

Severity

8.1HIGH

EPSS

0.9%

top 23.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Zeppelin Apache Software Foundation Apache Zeppelin

Timeline

PublishedApr 23

Latest updateApr 24

Description

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶NVDapache/zeppelin< 0.7.3

▶Mavenorg.apache.zeppelin:zeppelin< 0.7.3

▶CVEListV5apache_software_foundation/apache_zeppelinprior to 0.7.3

🔴Vulnerability Details

GHSA

Session Fixation in Apache Zeppelin↗2019-04-24

▶

OSV

Session Fixation in Apache Zeppelin↗2019-04-24

▶

CVEList

CVE-2017-12619: Apache Zeppelin prior to 0↗2019-04-23

▶