Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph".
Max CVSS: 6.1
EPSS Score: 0.31%
Published: 2019-04-23
Updated: 2019-04-24
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.
Max CVSS: 8.8
EPSS Score: 0.25%
Published: 2019-04-23
Updated: 2019-04-30
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
Max CVSS: 8.1
EPSS Score: 0.28%
Published: 2019-04-23
Updated: 2019-04-30
3 vulnerabilities found