Vulnerability Details CVE-2018-1328
Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2019/04/23/1
- http://www.securityfocus.com/bid/108047
- https://lists.apache.org/thread.html/ff6b995a5a3ba8db4d6b14b4d9dd487e7bf2e3bdd5b375b64a25fd06%40%3Cusers.zeppelin.apache.org%3E
- https://zeppelin.apache.org/releases/zeppelin-release-0.8.0.html
- http://www.openwall.com/lists/oss-security/2019/04/23/1
- http://www.securityfocus.com/bid/108047
- https://lists.apache.org/thread.html/ff6b995a5a3ba8db4d6b14b4d9dd487e7bf2e3bdd5b375b64a25fd06%40%3Cusers.zeppelin.apache.org%3E
- https://zeppelin.apache.org/releases/zeppelin-release-0.8.0.html
Products affected by CVE-2018-1328
-
cpe:2.3:a:apache:zeppelin:0.5.0
-
cpe:2.3:a:apache:zeppelin:0.5.5
-
cpe:2.3:a:apache:zeppelin:0.5.6
-
cpe:2.3:a:apache:zeppelin:0.6.0
-
cpe:2.3:a:apache:zeppelin:0.6.1
-
cpe:2.3:a:apache:zeppelin:0.6.2
-
cpe:2.3:a:apache:zeppelin:0.7.0
-
cpe:2.3:a:apache:zeppelin:0.7.1
-
cpe:2.3:a:apache:zeppelin:0.7.2
-
cpe:2.3:a:apache:zeppelin:0.7.3