CVE-2020-13929

CWE-287Improper Authentication4 documents4 sources
Severity
7.5HIGH
EPSS
0.1%
top 68.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache ZeppelinApache Zeppelin
Timeline
PublishedSep 2
Latest updateSep 7

Description

Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDapache/zeppelin0.9.0
CVEListV5apache_software_foundation/apache_zeppelinApache Zeppelin0.9.0

🔴Vulnerability Details

3
GHSA
Authentication bypass in Apache Zeppelin2021-09-07
OSV
Authentication bypass in Apache Zeppelin2021-09-07
CVEList
Notebook permissions bypass2021-09-02
CVE-2020-13929 (HIGH CVSS 7.5) | Authentication bypass vulnerability | cvebase.io