CVE-2024-31860

CWE-22Path TraversalCWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.6%
top 31.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache ZeppelinApache Zeppelin
Timeline
PublishedApr 9

Description

Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Mavenorg.apache.zeppelin:zeppelin-server0.9.00.11.0
NVDapache/zeppelin0.9.00.11.0
CVEListV5apache_software_foundation/apache_zeppelin0.9.00.11.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
CVEList
Apache Zeppelin: Path traversal vulnerability2024-04-09
OSV
Apache Zeppelin Path Traversal vulnerability2024-04-09
GHSA
Apache Zeppelin Path Traversal vulnerability2024-04-09
CVE-2024-31860 (MEDIUM CVSS 6.5) | Improper Input Validation vulnerabi | cvebase.io