Shodan
Vulnerabilities
Vulnerable Software
Apache:  >> Zeppelin  >> 0.11.0  Security Vulnerabilities
CVE-2024-41169
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removing the Cluster Interpreter.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-07-12
CVE-2024-31867
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.009
Published
2024-04-09
CVE-2024-31864
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.013
Published
2024-04-09
CVE-2024-31865
Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-04-09
CVE-2024-31866
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.008
Published
2024-04-09
CVE-2024-31868
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.
CVSS Score
6.1
EPSS Score
0.006
Published
2024-04-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved