Access Control Bypass Affecting org.apache.zeppelin:zeppelin package, versions [,0.8.0)
25 Apr 2019
13 Apr 2018
How to fix?
Upgrade org.apache.zeppelin:zeppelin to version 0.8.0 or higher.
org.apache.zeppelin:zeppelin is a web-based notebook that enables interactive data analytics.
Affected versions of this package are vulnerable to Access Control Bypass. The notebook cron scheduler, which is enabled by default in these versions, could allow a user to schedule paragraphs that run as another user without authenticating as that user, so the scheduled code executes with that user's privileges.
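Two checks a practitioner would want after reading the advice above, written as an added example rather than anything from Snyk or the Zeppelin project: a version comparison against the fixed release (fed either by hand or from a running instance's GET /api/version REST endpoint, which is assumed here to return JSON containing a "version" string), and a look at zeppelin-site.xml for the zeppelin.notebook.cron.enable property that 0.8.0 and later use to govern cron scheduling (assumed here to default to false; leaving it off unless notebooks genuinely need scheduling is the conservative setting). The config fragments in the block are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the advisory or from Apache Zeppelin.
# Assumptions: GET /api/version returns JSON with "version":"x.y.z";
# zeppelin.notebook.cron.enable is the 0.8.0+ cron switch (default false).

FIXED_VERSION="0.8.0"

# version_ge A B: succeed when dotted version A >= B.
# Pre-release suffixes (-SNAPSHOT, +build) are ignored; a missing component
# counts as 0. A trailing dot is appended so cut always sees a delimiter.
version_ge() {
  a="$(printf '%s' "$1" | sed 's/[-+].*$//')."
  b="$(printf '%s' "$2" | sed 's/[-+].*$//')."
  i=1
  while :; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    [ -z "$x" ] && [ -z "$y" ] && return 0   # all components compared equal
    x=${x:-0}; y=${y:-0}
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
    i=$((i + 1))
  done
}

# is_fixed_version V: succeed when V is at or above the fixed release.
is_fixed_version() { version_ge "$1" "$FIXED_VERSION"; }

# check_running_instance [BASE_URL]: read the version of a live Zeppelin
# (default http://localhost:8080) and report whether it is still affected.
check_running_instance() {
  base="${1:-http://localhost:8080}"
  v=$(curl -fsS "$base/api/version" \
      | sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$v" ] || { echo "could not read version from $base/api/version" >&2; return 2; }
  if is_fixed_version "$v"; then
    echo "$v: at or above $FIXED_VERSION"
  else
    echo "$v: VULNERABLE, upgrade to $FIXED_VERSION or later"
    return 1
  fi
}

# cron_enabled_in_config FILE: succeed only when zeppelin-site.xml sets
# zeppelin.notebook.cron.enable to true. Each <property> block is one awk
# record; the value text is extracted from that record's <value> element.
# A file without the property (or with false) means cron stays disabled.
cron_enabled_in_config() {
  awk 'BEGIN { RS = "</property>" }
       /<name>[[:space:]]*zeppelin\.notebook\.cron\.enable[[:space:]]*<\/name>/ {
         if (match($0, /<value>[^<]*<\/value>/)) {
           v = substr($0, RSTART + 7, RLENGTH - 15)   # strip <value> and </value>
           gsub(/[[:space:]]/, "", v)
           print tolower(v)
         }
       }' "$1" | grep -qx true
}

# Constructed sample zeppelin-site.xml fragments (not real deployment files):
# the default, cron disabled, and a copy with the switch flipped on.
SAMPLE_DISABLED=$(mktemp); SAMPLE_ENABLED=$(mktemp)
trap 'rm -f "$SAMPLE_DISABLED" "$SAMPLE_ENABLED"' EXIT
cat > "$SAMPLE_DISABLED" <<'EOF'
<?xml version="1.0"?>
<configuration>
  <property>
    <name>zeppelin.notebook.cron.enable</name>
    <value>false</value>
    <description>Enable cron scheduling for notebooks</description>
  </property>
</configuration>
EOF
sed 's#<value>false</value>#<value>true</value>#' "$SAMPLE_DISABLED" > "$SAMPLE_ENABLED"

# Usage (a live instance is only needed for the first line):
#   check_running_instance http://zeppelin.internal:8080
#   cron_enabled_in_config /etc/zeppelin/conf/zeppelin-site.xml && echo "cron is ON"
```

The version comparison deliberately treats 0.8.0-SNAPSHOT as 0.8.0; a snapshot built before the fix landed would still be affected, so the dotted version alone is not proof for pre-release builds. On 0.8.0 and later the cron check is the second half of the story: the upgrade closes the bypass, and keeping the scheduler off where it is not needed removes the feature that was abused.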