Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-m65c-wmw9-vmpp

GitHub Security Advisory

Apache Zeppelin: Replacing other users notebook, bypassing any permissions

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.

Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Affected Packages

Maven org.apache.zeppelin:zeppelin-server
Affected versions: 0.10.1 (fixed in 0.11.0)

Related CVEs

CVE-2024-31863

Key Information

GHSA ID
GHSA-m65c-wmw9-vmpp
Published
April 9, 2024 12:30 PM
Last Modified
February 11, 2025 7:03 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.apache.zeppelin:zeppelin-server
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 24, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.