CVE-2018-1317

CWE-287 — Improper Authentication4 documents4 sources

Severity

8.8HIGH

EPSS

3.3%

top 12.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Zeppelin Apache Software Foundation Apache Zeppelin

Timeline

PublishedApr 23

Latest updateApr 24

Description

In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDapache/zeppelin< 0.8.0

▶Mavenorg.apache.zeppelin:zeppelin< 0.8.0

▶CVEListV5apache_software_foundation/apache_zeppelinprior to 0.8.0

🔴Vulnerability Details

GHSA

Improper Authentication in Apache Zeppelin↗2019-04-24

▶

OSV

Improper Authentication in Apache Zeppelin↗2019-04-24

▶

CVEList

CVE-2018-1317: In Apache Zeppelin prior to 0↗2019-04-23

▶