Home > Vulnerability Database > CVE-2024-31865

Mend.io Vulnerability Database

CVE-2024-31865

Good to know:

Date: April 9, 2024

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

Language: Java

Severity Score

5.4

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31865

Url: http://www.openwall.com/lists/oss-security/2024/04/09/9

Url: https://github.com/apache/zeppelin/commit/49e2740a1d83d58d2401ccf175fc91ffebfb0892

Url: https://lists.apache.org/thread/slm1sf0slwc11f4m4r0nd6ot2rf7w81l

Url: https://github.com/apache/zeppelin/pull/4631

Url: https://www.mend.io/vulnerability-database/CVE-2024-31865

Severity Score

5.4

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version org.apache.zeppelin:zeppelin-server:0.11.1

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31865

Good to know:

Date: April 9, 2024

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?