Vulnerability Details CVE-2017-12619
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.0%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.8
References
- http://www.openwall.com/lists/oss-security/2019/04/23/1
- http://www.securityfocus.com/bid/108050
- https://lists.apache.org/thread.html/ff6b995a5a3ba8db4d6b14b4d9dd487e7bf2e3bdd5b375b64a25fd06%40%3Cusers.zeppelin.apache.org%3E
- https://zeppelin.apache.org/releases/zeppelin-release-0.7.3.html
- http://www.openwall.com/lists/oss-security/2019/04/23/1
- http://www.securityfocus.com/bid/108050
- https://lists.apache.org/thread.html/ff6b995a5a3ba8db4d6b14b4d9dd487e7bf2e3bdd5b375b64a25fd06%40%3Cusers.zeppelin.apache.org%3E
- https://zeppelin.apache.org/releases/zeppelin-release-0.7.3.html
Products affected by CVE-2017-12619
-
cpe:2.3:a:apache:zeppelin:0.5.0
-
cpe:2.3:a:apache:zeppelin:0.5.5
-
cpe:2.3:a:apache:zeppelin:0.5.6
-
cpe:2.3:a:apache:zeppelin:0.6.0
-
cpe:2.3:a:apache:zeppelin:0.6.1
-
cpe:2.3:a:apache:zeppelin:0.6.2
-
cpe:2.3:a:apache:zeppelin:0.7.0
-
cpe:2.3:a:apache:zeppelin:0.7.1
-
cpe:2.3:a:apache:zeppelin:0.7.2